On Tue, 2004-08-31 at 15:22, Scot L. Harris wrote:
On Tue, 2004-08-31 at 16:04, Yang Xiao wrote:
The port is opened by the /etc/init.d/ntp script, this means you need to restart ntp after you restart iptables.
Yang
I understand where ntp opens the ports. But if you don't realize that this is happening and you restart iptables for some reason without restarting ntp then the ports are closed.
This seems like a poor way to do things. What happens when another application is configured like ntp and you now have to remember to restart several applications just because the ports were closed when you did some testing or modified your iptables rules? Plus it could become difficult to track down all the scripts that modify your iptables rule set.
I think ntp is the only one that does this currently. Should this not be moved to the /etc/sysconfig/iptables file and taken out of the ntp startup scripts?
On mine I have no special port open for ntp, and it works through the firewall.
IIRC iptables has rules for established & related connections. Mine also allows any outgoing connections to be started without hindrance.
If you mean ntpd and running a time server, then you need a rule in iptables to allow other hosts to connect to your server on that port.
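As an added illustration of the two points made in this thread (that a stateful ESTABLISHED,RELATED rule already covers an NTP client's replies, and that only a time server needs an explicit inbound udp/123 rule, which belongs in /etc/sysconfig/iptables rather than in the ntp init script), here is a small shell example. It is not code from the thread or from any distribution's init scripts; it writes an iptables-restore format ruleset to a file path you choose (never directly to /etc), and the chain policies and the "client"/"server" mode names are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or from the Fedora/ntp scripts.
# Generates an /etc/sysconfig/iptables-style ruleset (iptables-restore format)
# so the NTP rule is part of the persistent firewall configuration instead of
# being inserted at runtime by /etc/init.d/ntp.

# gen_ruleset MODE OUTFILE
#   MODE = client : only accept replies to queries this host sent (stateful rule)
#   MODE = server : additionally accept unsolicited NTP queries on udp/123
gen_ruleset() {
    mode="$1"
    out="$2"
    {
        echo '*filter'
        echo ':INPUT DROP [0:0]'       # assumed default policies
        echo ':FORWARD DROP [0:0]'
        echo ':OUTPUT ACCEPT [0:0]'    # outgoing connections start unhindered
        echo '-A INPUT -i lo -j ACCEPT'
        # Replies to connections we started are matched by conntrack state,
        # so an NTP *client* needs no extra hole for udp/123.
        echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        if [ "$mode" = server ]; then
            # Only a time *server* must accept NEW inbound packets on 123/udp.
            echo '-A INPUT -p udp --dport 123 -m state --state NEW -j ACCEPT'
        fi
        echo 'COMMIT'
    } > "$out"
}

# count_ntp_rules FILE : number of explicit inbound udp/123 rules in FILE
count_ntp_rules() {
    grep -c -- '-A INPUT -p udp --dport 123' "$1" || true
}

# has_state_rule FILE : succeeds if the stateful accept rule is present
has_state_rule() {
    grep -q -- '--state ESTABLISHED,RELATED -j ACCEPT' "$1"
}

# Stand-alone usage: write both variants under /tmp for inspection.
gen_ruleset client /tmp/iptables.ntp-client
gen_ruleset server /tmp/iptables.ntp-server
```

To apply a generated file, load it with `iptables-restore < FILE` (or place it at /etc/sysconfig/iptables on a Fedora/Red Hat system, which the iptables init script restores on restart). Because the rule lives in the persistent ruleset, restarting iptables no longer depends on remembering to restart ntp afterwards.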