Reply To: Steven J. Yellin
Date: Thu, 23 Jun 2005 08:46:05 -0700
Content-Type: TEXT/PLAIN

I haven't really checked this, but it's my impression that ntpd opens
the firewall only to those IPs which it uses as its servers. That should
not be a problem, since you presumably specified who the servers
should be and want them let through the firewall.

Steven Yellin

On Thu, 23 Jun 2005, Robert E. Blair wrote:
> You might want to review /etc/rc.d/init.d/ntpd since it does diddle the
> firewall (hate to see you place restrictions that get superseded). You
> may need to set FIREWALL_MODS=no in /etc/sysconfig/ntpd to avoid it
> changing the firewall rules for you.
>
> Steven J. Yellin wrote:
>
> > Put the restrictions into a firewall. For example, assuming
> >the firewall is iptables, in the INPUT chain direct all packets
> >which are not from yourself, but have destination 123, to target
> >"NTP". Then do something like
> >
> ># Create the NTP chain
> >iptables -N NTP
> >#
> ># Specify which IP's and interfaces are accepted. For example,
> ># accept only eth1, IP 123.123.123.123 and eth0, IP 203.14.211.14
> >iptables -A NTP -i eth1 -s 123.123.123.123 -j ACCEPT
> >iptables -A NTP -i eth0 -s 203.14.211.14 -j ACCEPT
> >#
> ># Ignore anybody else entering this chain (coming in on port 123)
> >iptables -A NTP -j DROP
> >
> >Steven Yellin
> >
> >On Thu, 23 Jun 2005, Michael Mansour wrote:
> >
> >
> >
> >>Hi,
> >>
> >>When I run ntpd on SL3/4, it listens on port 123 on all my interfaces,
> >>including virtual interfaces.
> >>
> >>How can I tell it to listen on a certain IP/certain interface only?
> >>
> >>I've googled for this but can't find anything relevant.
> >>
> >>Thanks.
> >>
> >>Michael.
> >>
> >>
> >>
> >
> >
> >
>
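
Added example, not part of the original messages: the INPUT jump rule that the quoted advice describes in words, together with the NTP chain, plus a check over `iptables-save` output for port-123 ACCEPT rules sitting outside that chain (the situation the init-script caveat warns about). The function names are hypothetical, `! -i lo` is an assumed reading of "not from yourself", and UDP is assumed as the NTP transport.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# ntp_rules IFACE:IP [IFACE:IP ...]
# Prints the iptables commands for the scheme in the thread, one per line.
ntp_rules() {
    [ "$#" -gt 0 ] || { echo "ntp_rules: need at least one IFACE:IP" >&2; return 1; }
    # Loose shape check on every pair before printing anything, so a bad
    # argument never yields a partial ruleset.
    for pair in "$@"; do
        case "$pair" in
            ?*:?*.?*.?*.?*) ;;
            *) echo "ntp_rules: bad pair '$pair'" >&2; return 1 ;;
        esac
    done
    echo "iptables -N NTP"
    # Assumption: "not from yourself" means "not arriving on loopback".
    echo "iptables -A INPUT ! -i lo -p udp --dport 123 -j NTP"
    for pair in "$@"; do
        echo "iptables -A NTP -i ${pair%%:*} -s ${pair#*:} -j ACCEPT"
    done
    # Anything else that reaches the chain is dropped.
    echo "iptables -A NTP -j DROP"
}

# ntp_bypass_rules
# Reads iptables-save output on stdin and prints every ACCEPT rule for
# destination port 123 that is not in the NTP chain. Exit status 0 means
# at least one such rule was found and needs reviewing.
ntp_bypass_rules() {
    grep -E -- '^-A ' |
        grep -v -- '^-A NTP ' |
        grep -E -- '--dport 123( |$)' |
        grep -E -- '-j ACCEPT( |$)'
}

# Demo with the interface/IP pairs used in the quoted message.
ntp_rules eth1:123.123.123.123 eth0:203.14.211.14
# On a live host (as root): iptables-save | ntp_bypass_rules
```
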