[rhn-users] Re: NTP

Cameron Simpson cs at zip.com.au
Fri Nov 3 00:36:35 UTC 2006


On 02Nov2006 15:20, Nick Baronian <kvetch at gmail.com> wrote:
| If I want to use NTP to sync to a time server does my machine have to
| open port 123 UDP?  I don't want to be an NTP server, I just want to be
| the client that polls a server.  I know I can use iptables to do
| something like
| $IPTABLES -A INPUT -j ACCEPT -p tcp -s 66.187.224.4 --dport 123
| But I would like to completely close the port if possible.
| Can this be done?

NTP uses udp, not tcp.
  $IPTABLES -A INPUT -j ACCEPT -p udp -s 66.187.224.4 --sport 123 --dport 123
and outbound (to make queries):
  $IPTABLES -A OUTPUT -j ACCEPT -p udp -d 66.187.224.4 --sport 123 --dport 123

Try that. It should be obvious you can't close the port completely - how
would ntp work if no traffic can flow?
-- 
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

Dope will carry you through times of no money better than money will carry
you through times of no dope!   - Freewheelin' Franklin
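
A stateful variant of the client-only rules discussed in this thread, as an added example that is not part of the original messages: inbound UDP from the time server is accepted only when connection tracking ties it to a query this host sent, and all other traffic to local port 123 is dropped. It assumes the `state` match (conntrack) is available; the function name `ntp_client_rules` is hypothetical, and the function prints the commands for review instead of applying them.

```shell
#!/bin/sh
# Added example: emit iptables rules for a host that is only an NTP client.
# The rules are printed, not applied, so they can be reviewed first.
IPTABLES=${IPTABLES:-iptables}

ntp_client_rules() {
    server=$1
    # Reject an empty argument or one containing anything but digits and dots,
    # so the value cannot smuggle extra shell syntax into the printed commands.
    case $server in
        ''|*[!0-9.]*)
            echo "usage: ntp_client_rules <ipv4-address>" >&2
            return 1
            ;;
    esac

    # Outbound queries to the server's NTP port. The source port is left
    # unconstrained so clients that query from an unprivileged port also match.
    echo "$IPTABLES -A OUTPUT -p udp -d $server --dport 123 -j ACCEPT"

    # Inbound: only packets conntrack has matched to a query we sent.
    echo "$IPTABLES -A INPUT -p udp -s $server --sport 123 -m state --state ESTABLISHED -j ACCEPT"

    # Anything else aimed at local UDP 123 (unsolicited, or from other hosts).
    echo "$IPTABLES -A INPUT -p udp --dport 123 -j DROP"
}

# Print the rules for the server address used in the thread.
ntp_client_rules 66.187.224.4
```

The order matters: the ESTABLISHED accept has to be appended before the DROP, since iptables stops at the first matching rule.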
