Possible bug with ntpd and Iptables

Jeff Vian jvian10 at charter.net
Tue Aug 31 22:58:38 UTC 2004


On Tue, 2004-08-31 at 15:22, Scot L. Harris wrote:
> On Tue, 2004-08-31 at 16:04, Yang Xiao wrote:
> 
> > The port is opened by the /etc/init.d/ntp script, this means you need
> > to restart ntp after you restart iptables.
> > 
> > Yang
> 
> I understand where ntp opens the ports.  But if you don't realize that
> this is happening and you restart iptables for some reason without
> restarting ntp then the ports are closed.
> 
> This seems like a poor way to do things.  What happens when another
> application is configured like ntp and you now have to remember to
> restart several applications just because the ports were closed when you
> did some testing or modified your iptables rules?  Plus it could become
> difficult to track down all the scripts that modify your iptables rule
> set.
> 
> I think ntp is the only one that does this currently.  Should this not
> be moved to the /etc/sysconfig/iptables file and taken out of the ntp
> startup scripts?
> 

On mine I have no special port open for ntp, and it works through the
firewall.

IIRC iptables has rules for established & related connections.  Mine
also allows any outgoing connections to be started without hindrance.

If you mean ntpd and running a time server, then you need a rule in
iptables to allow other hosts to connect to your server on that port.
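The two cases described above (a client that only needs the ESTABLISHED,RELATED rule, and a time server that needs an explicit inbound rule) written out as a persistent rule set of the kind that belongs in /etc/sysconfig/iptables rather than in the ntp init script. This is an added example, not code from the thread; the chain policies, the loopback rule and the check function are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Stateful rule set in iptables-save
# format, as it would live in /etc/sysconfig/iptables so that it survives
# "service iptables restart" instead of relying on the ntp init script.
# Chain policies and the loopback rule are assumptions; adapt to the host.

emit_rules() {
  # $1 is "client" (ntpd only polls upstream servers) or "server"
  # (other hosts query this ntpd, so UDP/123 must be opened inbound).
  printf '%s\n' \
    '*filter' \
    ':INPUT DROP [0:0]' \
    ':FORWARD DROP [0:0]' \
    ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  # A client needs nothing more: its own outbound UDP query creates a
  # conntrack entry and the reply is matched by ESTABLISHED above.
  if [ "$1" = server ]; then
    printf '%s\n' '-A INPUT -p udp --dport 123 -j ACCEPT'
  fi
  printf '%s\n' 'COMMIT'
}

# Check a saved rule file (or captured iptables-save output) for the
# inbound NTP rule.  Returns 0 if present, 1 if absent, so it can be
# run after an iptables restart to confirm the rule did not vanish.
has_ntp_server_rule() {
  grep -Eq -- '^-A INPUT .*-p udp .*--dport 123 .*-j ACCEPT' "$1"
}

# Stand-alone use: write the server rule set to a file and verify it.
if [ "${1:-}" = demo ]; then
  emit_rules server > /tmp/ntp-iptables.$$
  has_ntp_server_rule /tmp/ntp-iptables.$$ && echo "inbound NTP rule present"
  rm -f /tmp/ntp-iptables.$$
fi
```

Run with `demo` to see the check pass; pointing `has_ntp_server_rule` at `iptables-save` output after a restart shows whether the rule is really persistent.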