SCIENTIFIC-LINUX-USERS Archives

June 2005

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Date: Thu, 23 Jun 2005 11:11:58 -0500

Do the following:

chkconfig --level 0123456 ntpd off

Bring up the machine and do

service iptables status

which will show you what firewall rules are in effect.

Then, repeat this again, but this time, reenable the ntpd service.

chkconfig --level 2345 ntpd on

Compare the outputs of 'service iptables status' and you should be able to
determine what the ntpd did to the firewall rules.

Good luck!

Ken



On Thu, 23 Jun 2005, Robert E. Blair wrote:

> You might want to review /etc/rc.d/init.d/ntpd since it does diddle the 
> firewall (hate to see you place restrictions that get superseded).  You 
> may need to set FIREWALL_MODS=no in /etc/sysconfig/ntpd to avoid it 
> changing the firewall rules for you.
> 
> Steven J. Yellin wrote:
> 
> >    Put the restrictions into a firewall.  For example, assuming
> >the firewall is iptables, in the INPUT chain direct all packets
> >which are not from yourself, but have destination 123, to target
> >"NTP".  Then do something like
> >
> ># Create the NTP chain
> >iptables -N NTP
> >#
> ># Specify which IP's and interfaces are accepted.  For example,
> ># accept only eth1, IP 123.123.123.123 and eth0, IP 203.14.211.14
> >iptables -A NTP -i eth1 -s 123.123.123.123 -j ACCEPT
> >iptables -A NTP -i eth0 -s 203.14.211.14 -j ACCEPT
> >#
> ># Ignore anybody else entering this chain (coming in on port 123)
> >iptables -A NTP -j DROP
> >
> >Steven Yellin
> >
> >On Thu, 23 Jun 2005, Michael Mansour wrote:
> >
> >  
> >
> >>Hi,
> >>
> >>When I run ntpd on SL3/4, it listens on port 123 on all my interfaces,
> >>including virtual interfaces.
> >>
> >>How can I tell it to only listen on a certain IP/certain interface only?
> >>
> >>I've googled for this but can't find anything relevant.
> >>
> >>Thanks.
> >>
> >>Michael.
> >>
> 
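
The before/after comparison described in the reply above, as an added shell example that is not part of the original thread. `rules_changed` is a hypothetical helper that parses two saved `service iptables status` listings (two different files) and reports rules present in only one of them, tagged by chain; rules that merely moved within a chain are not reported. The listings inside `demo` are constructed, and the inserted rule is illustrative, not a record of what the ntpd init script does.

```shell
#!/bin/sh
# Added example, not from the thread. On a real host (as root):
#   service iptables status > before.txt    # ntpd disabled
#   service iptables status > after.txt     # ntpd enabled
#   rules_changed before.txt after.txt

# Print rules unique to one listing: "+" only in AFTER, "-" only in BEFORE.
rules_changed() {
    awk -v after="$2" '
        /^Table:/ || /^target / || NF == 0 { next }   # headers, blank lines
        /^Chain / { chain = $2; next }
        {
            gsub(/[ \t]+/, " "); sub(/ $/, "")    # collapse column padding
            key = chain SUBSEP $0
            if (FILENAME != after)    before[key]++
            else if (before[key] > 0) before[key]--
            else                      printf "+ %s: %s\n", chain, $0
        }
        END {
            for (key in before)
                for (n = before[key]; n > 0; n--) {
                    split(key, part, SUBSEP)
                    printf "- %s: %s\n", part[1], part[2]
                }
        }
    ' "$1" "$2"
}

# Constructed sample listings (not captured from a real machine).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
NTP        udp  --  anywhere             anywhere            udp dpt:ntp

Chain NTP (1 references)
target     prot opt source               destination
ACCEPT     all  --  123.123.123.123      anywhere
DROP       all  --  anywhere             anywhere
EOF
    # Hypothetical change: an ACCEPT rule inserted ahead of the jump to NTP.
    sed '4i\
ACCEPT     udp  --  192.0.2.10           anywhere            udp spt:ntp dpt:ntp
' "$dir/before" > "$dir/after"
    rules_changed "$dir/before" "$dir/after"
    rm -rf "$dir"
}
demo
```

A "+" line in a chain that is evaluated before the jump to the NTP chain is the case Robert warns about: traffic accepted there never reaches the restrictions.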
