[ntp:questions] Interface restrictions confusing me
David Woolley
david at ex.djwhome.demon.invalid
Wed Oct 14 07:11:38 UTC 2009
Brian Utterback wrote:
> You misunderstand. David's answer has nothing to do with firewalls. The
> ntpd daemon binds the addresses so that it can choose the port and
> addresses to send on.
I gave him the benefit of the doubt and assumed he meant that, if you
are really paranoid about the port being open, you can configure your
firewall to only allow traffic in for a short period after each outgoing
poll.
Of course, on an internal network, blocking port 123 also makes it
difficult to remotely diagnose NTP problems on that machine, although
you can also block such access in ntp[d].conf.