Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: [suse-security] xntpd binds udp 123 on all interfaces?!
  • From: Christopher Mahmood <ckm@xxxxxxxx>
  • Date: Fri, 16 May 2003 11:28:07 -0700
  • Message-id: <20030516182807.GR6567@xxxxxxxxxxxxxxxxxx>
* GentooRulez (paranoiac_user@xxxxxxxxxx) [030516 10:00]:
> xntpd does listen on all interfaces it found while coming up.
> i googled around and read the fine manuals but i did'nt found
> any option to bind only a certain interface to listen on udp 123
> Any suggestions ?

You need to do that with 'restrict' statements in ntp.conf. E.g.,
# Set the default policy
restrict default ignore
# Allow queries from but nothing else
restrict nomodify
# Allow localhost to do whatever it wants

Keep in mind that this is all udp and easily spoofed so you'll want
to keep your packet filtering as well.

See /usr/share/doc/packages/xntp-doc/ for details.



< Previous Next >