[svlug] Re: how to make ntp listen on particular ip addresses only

William R. Lorenz wrl at express.org
Wed Jul 16 13:36:06 PDT 2003


George, why not just firewall the service with IPTABLES?  The following 
two statements, added to the top of the IPTABLES stack, should do it:

  # iptables -I INPUT -p tcp --dport 123 -d 192.168.80.21 -j ACCEPT
  # iptables -I INPUT -p tcp --dport 123 -j REJECT

I realize this isn't the cleanest solution, but other than that it looks
like you'll be changing the source.  Let me know how this works for you?

On Wed, 16 Jul 2003, George Georgalis wrote:

> >> I've been using ntp-simple (debian) and would like to adjust the
> >> addresses it listens to.  In the labyrinth of doc I cannot find
> >> anything that defines the options/format of ntp.conf file. Is there

> Yep I had it, did some more digging too and found these

> Configuration Options

> Access Control Options

> but still no means to control the addresses ntp listens to, eg I want
> the output of this to be 127.0.0.1 (or in some cases 0.0.0.0, only).

> trot:~ # netstat -ptunal | grep 123
> udp        0      0 192.168.80.21:123       0.0.0.0:*              27799/ntpd
> udp        0      0 127.0.0.1:123           0.0.0.0:*              27799/ntpd
> udp        0      0 0.0.0.0:123             0.0.0.0:*              27799/ntpd

--          _ 
__ __ ___ _| | William R. Lorenz <wrl at express.org> 
\ V  V / '_| | http://www.clevelandlug.net/ ; "Every revolution was 
 \./\./|_| |_| first a thought in one man's mind." - Ralph Waldo Emerson 






More information about the svlug mailing list