
How to bind ntpd to a single address?


Darren Pilgrim

Jan 3, 2006, 2:31:09 AM
to freebsd-...@freebsd.org
I don't like (let alone want) ntpd binding to every IP address on the host.
The man pages don't say anything about specifying a binding address for
ntpd. A search of the sources and Google also failed to reveal anything
useful.

So how do I tell ntpd to bind to a specific IP address?


Matthew Seaman

Jan 3, 2006, 6:28:25 AM
to Darren Pilgrim, freebsd-...@freebsd.org

ntpd doesn't have that functionality I'm afraid. The next best you can do
is review your /etc/ntpd.conf 'restrict' rules carefully and implement a
firewall to control access to port 123/UDP. NTP is not usually counted as
much of a security risk, and the benefits of running it certainly do outweigh
the risks.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW


Kirk Strauser

Jan 3, 2006, 10:38:04 AM
to freebsd-...@freebsd.org
On Tuesday 03 January 2006 01:31, Darren Pilgrim wrote:

> So how do I tell ntpd to bind to a specific IP address?

ISC's ntpd doesn't support that, AFAIK. However, depending on your needs,
you might be able to use OpenNTPD which does have that feature.
--
Kirk Strauser

Darren Pilgrim

Jan 4, 2006, 4:13:52 AM
to Matthew Seaman, freebsd-...@freebsd.org
From: Matthew Seaman [mailto:m.se...@infracaninophile.co.uk]
> Darren Pilgrim wrote:
> > I don't like (let alone want) ntpd binding to every IP address on
> > the host. The man pages don't say anything about specifying a
> > binding address for ntpd. A search of the sources and Google
> > also failed to reveal anything useful.
> >
> > So how do I tell ntpd to bind to a specific IP address?
>
> ntpd doesn't have that functionality I'm afraid. The next best you
> can do is review your /etc/ntpd.conf 'restrict' rules carefully and
> implement a firewall to control access to port 123/UDP.

The ntp.conf(5) man page isn't what I would consider well-written, so it's a
bit difficult to understand how rules are applied. For example, if I put:

restrict default noquery nopeer limited
restrict local_network/mask nomodify
restrict peerhost nomodify
restrict 127.0.0.1

Does that mean:

- Provide only rate-limited, non-peering time service by default.
- Provide unlimited time service to the local network and also let the local
network make read-only mode 6/7 queries.
- Peers are given the same treatment as the local network.
- Let localhost do anything.
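
The rule set asked about above, worked as an added example (not part of the original thread and not ntpd's own code): a small Python model of which restrict entry applies to a given source address, assuming the most specific matching entry wins. The addresses 192.0.2.0/24 and 198.51.100.7 are constructed stand-ins for the post's local_network/mask and peerhost placeholders, and only the four flags used in the post are modeled.

```python
import ipaddress

# Constructed stand-ins (assumptions) for the placeholders in the post:
# local_network/mask -> 192.0.2.0/24, peerhost -> 198.51.100.7
RULES = """
restrict default noquery nopeer limited
restrict 192.0.2.0/24 nomodify
restrict 198.51.100.7 nomodify
restrict 127.0.0.1
"""

def parse_restrict(text):
    """Return [(network, flags)] from 'restrict' lines; 'default' is 0.0.0.0/0."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "restrict":
            continue
        target = "0.0.0.0/0" if fields[1] == "default" else fields[1]
        entries.append((ipaddress.ip_network(target), frozenset(fields[2:])))
    return entries

def flags_for(source, entries):
    """Flags of the most specific entry containing source (empty set if none)."""
    addr = ipaddress.ip_address(source)
    matches = [(net, flags) for net, flags in entries if addr in net]
    if not matches:
        return frozenset()
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def describe(source, entries):
    """Summarise what the matching entry's flags mean for this source."""
    flags = flags_for(source, entries)
    if "noquery" in flags:
        queries = "denied"          # ntpq/ntpdc (mode 6/7) refused
    elif "nomodify" in flags:
        queries = "read-only"       # informational queries only
    else:
        queries = "unrestricted"    # no restriction flags on queries
    return {
        "time_service": "rate-limited" if "limited" in flags else "unrestricted",
        "ntpq_queries": queries,
        "new_associations": "denied" if "nopeer" in flags else "allowed",
    }

if __name__ == "__main__":
    table = parse_restrict(RULES)
    for src in ("203.0.113.9", "192.0.2.55", "198.51.100.7", "127.0.0.1"):
        print(src, describe(src, table))
```

An entry with no flags, such as the 127.0.0.1 line, places no restrictions on the matching source.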

