Subject: | |
From: | |
Reply To: | Robert E. Blair |
Date: | Thu, 23 Jun 2005 10:31:24 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
You might want to review /etc/rc.d/init.d/ntpd since it does diddle the
firewall (hate to see you place restrictions that get superceded). You
may need to set FIREWALL_MODS=no in /etc/sysconfig/ntpd to avoid it
changing the firewall rules for you.
Steven J. Yellin wrote:
> Put the restrictions into a firewall. For example, assuming
>the firewall is iptables, in the INPUT chain direct all packets
>which are not from yourself, but have destination 123, to target
>"NTP". Then do something like
>
># Create the NTP chain
>iptables -N NTP
>#
># Specify which IP's and interfaces are accepted. For example,
># accept only eth1, IP 123.123.123.123 and eth0, IP 203.14.211.14
>iptables -A NTP -i eth1 -s 123.123.123.123 -j ACCEPT
>iptables -A NTP -i eth0 -s 203.14.211.14 -j ACCEPT
>#
># Ignore anybody else entering this chain (coming in on port 123)
>iptables -A NTP -j DROP
>
>Steven Yellin
>
>On Thu, 23 Jun 2005, Michael Mansour wrote:
>
>
>
>>Hi,
>>
>>When I run ntpd on SL3/4 and it listens on port 123 on all my interfaces,
>>including virtual interfaces.
>>
>>How can I tell it to only listen on a certain IP/certain interface only?
>>
>>I've googled for this but can't find anything relevant.
>>
>>Thanks.
>>
>>Michael.
>>
>>
>>
>
>
>
|
|
|