Re: how to set ntpd listen only 127.0.0.1 ?




Hi,

2009/6/11 MontyRee <chulmin2@xxxxxxxxxxx>:
> Is there any way or option that only listen 127.0.0.1?

I don't think so. NTP is a UDP protocol, and its packets have both
source and destination port 123, so the machine that is using NTP to
set its own clock (NTP "client") needs to listen on port 123 UDP to
receive the replies from the NTP "server".

> for security reason?

Look into the "restrict" commands in ntp.conf to implement security
policies on NTP. You can find information on how it works in "man
ntp_acc".

If you use a fixed list of NTP servers that have fixed IPs, you can
also use iptables to block access to port 123 UDP to all except those
hosts.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
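
The two measures suggested in the reply above, sketched as an added example that is not part of the original post: a script that prints ntp.conf "restrict" lines and iptables rules for a fixed list of upstream servers. The server addresses are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print ntp.conf lines and iptables rules for a fixed server list.
# Addresses are constructed samples (RFC 5737 documentation ranges).
NTP_SERVERS="192.0.2.10 192.0.2.11 198.51.100.5"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ntp.conf: ignore everyone by default, then allow localhost and each server.
emit_ntp_conf() {
    echo "restrict default ignore"
    echo "restrict 127.0.0.1"
    for s in $NTP_SERVERS; do
        is_ipv4 "$s" || { echo "skipping invalid address: $s" >&2; continue; }
        echo "server $s"
        echo "restrict $s mask 255.255.255.255 nomodify notrap noquery"
    done
}

# iptables: accept 123/udp from the listed servers and loopback, drop the rest.
emit_iptables() {
    for s in $NTP_SERVERS; do
        is_ipv4 "$s" || continue
        echo "iptables -A INPUT -p udp -s $s --dport 123 -j ACCEPT"
    done
    echo "iptables -A INPUT -i lo -p udp --dport 123 -j ACCEPT"
    echo "iptables -A INPUT -p udp --dport 123 -j DROP"
}

emit_ntp_conf
emit_iptables
```

The script only prints the lines for review; it changes nothing on the host.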
