[ntp:questions] NTP on small 100% Linux LAN : reasonable access control policy ?

Rob nomail at example.com
Sun Aug 1 15:37:43 UTC 2010


Niki Kovacs <mickey at mouse.com> wrote:
> I'm open for suggestions if there's something wrong with my setup.

Yes, your setup is OK.
It will be possible to query your server from the internet, if it is
reachable, but there is really nothing wrong with that.
I have run my server with a similar configuration (but I left out the
kod because I found that does more wrong than good) and published it
for the pool, and it worked well.
Then I had to change my internet connection and I dropped it from the
pool again, but there was never any trouble because of the fact that
people could query the time from the internet.

I think the very severe "restrict default ignore" is not required,
and people who want to use such an approach should simply block UDP port
123 requests in the firewall.
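
The two access-control policies contrasted in this reply, written out as an ntp.conf fragment. This is an added example, not part of the original post and not the original poster's configuration (which is not shown on this page); the 192.168.1.0/24 LAN range and the upstream server names are assumptions.

```conf
# --- Policy A: serve time to anyone, refuse everything else ---
# Default for all hosts: time requests are answered, but there is no
# runtime reconfiguration (nomodify), no trap service (notrap), no peer
# association (nopeer) and no ntpq/ntpdc status queries (noquery).
# "kod" is left out here, as in the reply above.
restrict default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer noquery

# Localhost keeps full access so "ntpq -p" works on the server itself.
restrict 127.0.0.1
restrict -6 ::1

# LAN clients (assumed range): time service plus status queries.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Upstream time sources (assumed names).
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst

# --- Policy B: "restrict default ignore" ---
# Every packet is dropped unless a more specific restrict line matches.
# That includes the replies from the upstream servers, so each upstream
# needs its own restrict entry by address, which is hard to maintain
# when the server lines use hostnames that resolve to changing addresses.
#
# restrict default ignore
# restrict 127.0.0.1
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# restrict <upstream-server-address> nomodify notrap nopeer noquery

# Alternative named in the reply: keep Policy A in ntp.conf and drop
# inbound UDP port 123 from outside the LAN at the firewall instead.
```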



