On Tuesday 28 August 2001 15:45, Ralph Seichter wrote:
> I'd like to run a time service like 'xntp' on my firewall machine (Kernel 2.4 w/ iptables, no DMZ) which should be able to
> If you have some setup tips or sample 'iptables' scripts to share, that'd be fine.

my suggestions are:

iptables entries for ntp:
-------------------------------
iptables -t filter -A INPUT -i <your interface> -m state -p udp -d <your ip> -s <ntp server> --sport 123 --state ESTABLISHED -j ACCEPT
iptables -t filter -A OUTPUT -o <your interface> -m state -p udp -s <your ip> -d <ntp server> --dport 123 --state NEW,ESTABLISHED -j ACCEPT
-------------------------------
This allows (AFAIK) only connections originated from your server, even with udp.

entries for the remote server in /etc/ntp.conf:
-------------------------------
server a.b.c.d
restrict a.b.c.d noquery nomodify notrap
-------------------------------

any comments from the list ?

Andreas Baetz
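
Added example, not part of the original post: a shell sketch that reads an ntp.conf, reports any `server` entry whose `restrict` line lacks `noquery`, `nomodify` or `notrap`, and prints (without applying) the rule pair from the post for each server. The function names, the interface `eth0`, the addresses and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Names and sample data are assumptions.

# audit_ntp_conf FILE
# One line per "server" entry: "OK <addr>" when a "restrict <addr>" line carries
# noquery, nomodify and notrap, otherwise "MISSING <addr> <absent flags>".
audit_ntp_conf() {
    awk '
        $1 == "server"   { order[++n] = $2 }
        $1 == "restrict" { for (i = 3; i <= NF; i++) flags[$2, $i] = 1 }
        END {
            split("noquery nomodify notrap", want, " ")
            for (k = 1; k <= n; k++) {
                s = order[k]; missing = ""
                for (j = 1; j <= 3; j++)
                    if (!((s, want[j]) in flags)) missing = missing " " want[j]
                if (missing == "") print "OK " s
                else print "MISSING " s missing
            }
        }' "$1"
}

# ntp_rules FILE IFACE LOCAL_IP
# Prints the INPUT/OUTPUT rule pair from the post for every server in FILE.
# The rules are only printed, so they can be reviewed before being loaded.
ntp_rules() {
    awk -v ifc="$2" -v ip="$3" '
        $1 == "server" {
            m = "-m state -p udp"
            print "iptables -t filter -A INPUT -i " ifc " " m " -d " ip " -s " $2 " --sport 123 --state ESTABLISHED -j ACCEPT"
            print "iptables -t filter -A OUTPUT -o " ifc " " m " -s " ip " -d " $2 " --dport 123 --state NEW,ESTABLISHED -j ACCEPT"
        }' "$1"
}

# Constructed sample ntp.conf (documentation-range addresses).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample, second server is missing two restrict flags
server 192.0.2.10
restrict 192.0.2.10 noquery nomodify notrap
server 192.0.2.20
restrict 192.0.2.20 nomodify
EOF

audit_ntp_conf "$SAMPLE_CONF"
ntp_rules "$SAMPLE_CONF" eth0 198.51.100.5
```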