Mailinglist Archive: opensuse-security (320 mails)

Re: [suse-security] xntpd binds udp 123 on all interfaces?!
  • From: Christopher Mahmood <ckm@xxxxxxxx>
  • Date: Fri, 16 May 2003 11:28:07 -0700
  • Message-id: <20030516182807.GR6567@xxxxxxxxxxxxxxxxxx>
* GentooRulez (paranoiac_user@xxxxxxxxxx) [030516 10:00]:
> xntpd does listen on all interfaces it found while coming up.
> I googled around and read the fine manuals but I didn't find
> any option to bind only a certain interface to listen on udp 123
>
> Any suggestions ?

You need to do that with 'restrict' statements in ntp.conf. E.g.,

# Set the default policy
restrict default ignore
# Allow queries from 10.0.0.0/8 but nothing else
restrict 10.0.0.0 mask 255.0.0.0 nomodify
# Allow localhost to do whatever it wants
restrict 127.0.0.1

Keep in mind that this is all udp and easily spoofed so you'll want
to keep your packet filtering as well.

See /usr/share/doc/packages/xntp-doc/ for details.

--

-ckm
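
An added example, not part of the original message: a small Python model of how the restrict list from the reply classifies a packet by its source address, assuming the most specific matching entry decides (a simplification of ntpd's restriction-list matching). The function names are hypothetical and the sample configuration is constructed from the reply; the decision depends only on the claimed source address, which is why the reply says to keep packet filtering as well.

```python
import ipaddress

# Constructed sample: the restrict policy from the reply above.
SAMPLE_CONF = """\
# Set the default policy
restrict default ignore
# Allow queries from 10.0.0.0/8 but nothing else
restrict 10.0.0.0 mask 255.0.0.0 nomodify
# Allow localhost to do whatever it wants
restrict 127.0.0.1
"""

def parse_restricts(text):
    """Return a list of (IPv4Network, flags) from 'restrict' lines."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        addr, rest = tokens[1], tokens[2:]
        mask = "255.255.255.255"              # no mask given: host entry
        if rest[:1] == ["mask"]:
            if len(rest) < 2:
                raise ValueError(f"mask without a value: {raw!r}")
            mask, rest = rest[1], rest[2:]
        if addr == "default":
            net = ipaddress.IPv4Network("0.0.0.0/0")
        else:
            # Raises ValueError on a bad address or a non-contiguous mask.
            net = ipaddress.IPv4Network(f"{addr}/{mask}")
        rules.append((net, frozenset(rest)))
    return rules

def effective_flags(rules, source):
    """Flags of the most specific entry covering source, or None."""
    ip = ipaddress.IPv4Address(source)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]

def is_served(rules, source):
    """True if packets claiming this source are not dropped by 'ignore'."""
    flags = effective_flags(rules, source)
    return flags is None or "ignore" not in flags

if __name__ == "__main__":
    rules = parse_restricts(SAMPLE_CONF)
    for src in ("127.0.0.1", "10.1.2.3", "192.0.2.7"):
        print(src, sorted(effective_flags(rules, src)), is_served(rules, src))
```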
