[ntp:questions] Re: ntpd without binding?

t_pascal at my-deja.com t_pascal at my-deja.com
Sun Aug 14 19:02:47 UTC 2005


Danny Mayer wrote:
> t_pascal at my-deja.com wrote:
> > Using ntp-4.1.2 on RedHat ES 3, I'd like to configure a "client only"
> > ntp system.  Easy enough to edit ntp.conf, but I'm trying to get ntpd
> > to stop listening on port 123 (blocked by iptables anyway).  Any way to
> > stop binding to interfaces, or select which (internal) interface I want
> > to listen only?
> >
>
> Well I implemented an option to specify which interface to listen on,
> but it will bind all the others anyway and drop any packets it
> receives on those interfaces. It will always listen on the loopback
> addresses so you can do local queries. It's in the latest development
> builds. -L eth0 is the command line option but I believe that the letter
> will be changed.
>

I don't know if that is good, but I will wait to see.  The general idea
is that I don't want any ports bound on (for example) a bastion host,
even if I have a firewall, packet filter router, etc., in front of it.
I suppose it's OK to have a LAN full of clients who listen on ports
they'll never use (still a security problem, but whatever), but not on
security audited, outward facing machines.

The only other alternative is to run ntpdate periodically, which is what
I've been doing since 1996 (at least).
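As an added example (not part of the thread, not the ntp project's own code), a small POSIX shell check for the audit question raised above: given the output of `ss -uln` or `netstat -uln`, report every local address that has UDP/123 bound on something other than loopback, which is what a bastion-host review would want to see empty. The socket listing below is constructed for illustration.

```shell
#!/bin/sh
# Audit which local addresses have UDP port 123 bound, parsing the output
# of `ss -uln` or `netstat -uln` (in both, the local address:port is field 4).

# Print the local address of every UDP socket bound to port 123.
# $1 = the socket listing text (header lines are ignored automatically,
#      since their field 4 never ends in ":123").
ntp_bound_addrs() {
    printf '%s\n' "$1" | awk '{
        n = split($4, a, ":")
        if (a[n] == "123") print substr($4, 1, length($4) - 4)
    }'
}

# Same, but drop IPv4 and IPv6 loopback; exit status 0 means at least one
# non-loopback address has the NTP port bound.
ntp_nonloopback_listeners() {
    ntp_bound_addrs "$1" | grep -v -E '^(127\.|\[::1\]$|::1$)'
}

# Constructed sample in `ss -uln` format (192.0.2.10 is a documentation address).
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
UNCONN 0      0      127.0.0.1:123       0.0.0.0:*
UNCONN 0      0      192.0.2.10:123      0.0.0.0:*
UNCONN 0      0      [::1]:123           [::]:*
UNCONN 0      0      0.0.0.0:68          0.0.0.0:*'

# On a live host: ntp_nonloopback_listeners "$(ss -uln 2>/dev/null || netstat -uln)"
if ntp_nonloopback_listeners "$SAMPLE" >/dev/null; then
    echo "WARNING: UDP/123 is bound on a non-loopback address"
fi
```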
