[ntp:questions] Interface restrictions confusing me

David Woolley david at ex.djwhome.demon.invalid
Wed Oct 14 07:11:38 UTC 2009


Brian Utterback wrote:

> You misunderstand. David's answer has nothing to do with firewalls. The 
> ntpd daemon binds the addresses so that it can choose the port and 
> addresses to send on.

I gave him the benefit of the doubt and assumed he meant that, if you 
are really paranoid about the port being open, you can configure your 
firewall to only allow traffic in for a short period after each outgoing 
poll.

Of course, on an internal network, blocking port 123 also makes it 
difficult to remotely diagnose NTP problems on that machine, although 
you can also block such access in ntp[d].conf.
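
The behaviour described in the message above, as an added example that is not part of the original post: a small Python model of a stateful filter that admits inbound UDP port 123 traffic only for a short window after an outgoing poll, and therefore also drops unsolicited remote diagnostic queries. The 30-second window, the documentation-range addresses and all names are assumptions; real connection trackers differ in detail (for example, they may refresh the timer on replies).

```python
# Added illustration: minimal model of stateful UDP filtering for NTP.
# Class name, addresses and the 30 s window are assumptions, not from the thread.
from dataclasses import dataclass, field

NTP_PORT = 123


@dataclass
class StatefulNtpFilter:
    window: float = 30.0  # seconds the return path stays open after a poll (assumed)
    _flows: dict = field(default_factory=dict)  # (remote_ip, remote_port, local_port) -> expiry

    def outbound(self, now, remote_ip, remote_port=NTP_PORT, local_port=NTP_PORT):
        """Record an outgoing poll; the return path is open until now + window."""
        self._flows[(remote_ip, remote_port, local_port)] = now + self.window

    def inbound(self, now, src_ip, src_port, dst_port=NTP_PORT):
        """Return True only if the datagram matches a still-live outbound flow."""
        key = (src_ip, src_port, dst_port)
        expiry = self._flows.get(key)
        if expiry is None:
            return False          # unsolicited: no poll was sent to this peer
        if now > expiry:
            del self._flows[key]  # window closed; forget the flow
            return False
        return True


def run_demo():
    """Constructed timeline: one server (192.0.2.10), one admin host (198.51.100.7)."""
    fw = StatefulNtpFilter(window=30.0)
    results = {}
    fw.outbound(0.0, "192.0.2.10")                                     # client polls server
    results["reply_in_window"] = fw.inbound(0.05, "192.0.2.10", NTP_PORT)
    # Remote diagnostic query from an ephemeral port: never solicited, so dropped.
    results["remote_diag_query"] = fw.inbound(1.0, "198.51.100.7", 51234)
    results["late_packet"] = fw.inbound(45.0, "192.0.2.10", NTP_PORT)  # window expired
    fw.outbound(64.0, "192.0.2.10")                                    # next poll reopens it
    results["reply_after_next_poll"] = fw.inbound(64.1, "192.0.2.10", NTP_PORT)
    return results


if __name__ == "__main__":
    for name, allowed in run_demo().items():
        print(f"{name}: {'ACCEPT' if allowed else 'DROP'}")
```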



