Possible bug with ntpd and Iptables
D. D. Brierton
darren at dzr-web.com
Tue Aug 31 21:16:05 UTC 2004
On Tue, 2004-08-31 at 21:29, Yang Xiao wrote:
> Well, I guess you can call it a bug, but it's not difficult to do an
> iptables-save > /etc/sysconfig/iptables or even manually add the ntp
> rules to the iptables file
> to permanently store the ntp rules before you start to make changes so
> that it won't get lost when you restart iptables?
Yang, I think you're missing Scot's point. It's not about difficulty,
it's about discoverability. Someone who has FC on a server that has
quite long uptimes might be mystified as to why the clock is completely
inaccurate despite their running ntpd because they didn't realise that
restarting iptables had firewalled it off.

I myself am happy for services to "punch holes" through the firewall
when they start up as long as iptables is somehow made aware of this
fact, so that if it has to be restarted it doesn't suddenly firewall all
those services off.

Best, Darren
--
=====================================================================
D. D. Brierton darren at dzr-web.com www.dzr-web.com
Trying is the first step towards failure (Homer Simpson)
=====================================================================
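
An added example, not part of the original message or of any Fedora script: a shell check for the situation discussed above, listing rules that are live but missing from the saved rules file and would therefore disappear when iptables is restarted. The function names and both sample rulesets are constructed for illustration; NTP is assumed to use its standard UDP port 123.

```shell
#!/bin/sh
# Added example: list rules that are live in the kernel but absent from the
# saved rules file, i.e. the holes a firewall restart would silently close.

# unsaved_rules RUNNING_DUMP SAVED_FILE
# Both arguments are files in iptables-save format. Prints "table rule" for
# every rule found only in RUNNING_DUMP.
unsaved_rules() {
    awk -v saved="$2" '
        FNR == 1 { table = "" }                          # new file: reset table
        /^#/ || /^:/ || /^COMMIT/ || /^[ \t]*$/ { next } # comments, policies
        /^\*/ { table = substr($0, 2); next }            # "*filter" table header
        {
            sub(/^\[[0-9]+:[0-9]+\][ \t]*/, "")          # drop packet counters
            key = table " " $0
            if (FILENAME == saved) seen[key] = 1
            else if (!(key in seen)) print key
        }
    ' "$2" "$1"
}

# Constructed sample data: a saved file that only allows SSH, and a running
# ruleset where a UDP 123 (NTP) rule was added at runtime.
make_samples() {
    cat > "$1/saved" <<'EOF'
# constructed sample of /etc/sysconfig/iptables
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$1/running" <<'EOF'
# constructed sample of iptables-save -c output
*filter
:INPUT DROP [12:840]
[5:300] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[9:684] -A INPUT -p udp -m udp --dport 123 -j ACCEPT
COMMIT
EOF
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
unsaved_rules "$demo_dir/running" "$demo_dir/saved"
rm -rf "$demo_dir"
```

On a live host, the first argument would be a file produced by `iptables-save` (run as root) and the second `/etc/sysconfig/iptables`; any line printed is a rule that exists only until the next restart.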