While trying to lock down ntpd without a firewall, I was trying to do one of two things:

1. Get ntpd to listen only on localhost to avoid opening up potential security backdoors.
2. Get ntpd to listen to a select set of addresses.

Point was to get ntpd to function in a 'more secure' manner like ntpdate.

It doesn't seem that there's a 'listen only on select addresses option' available in ntpd, so 1. looks impossible. According to the documentation though, I should be able to restrict access to just localhost, so 2. should be doable [1]. In reality, this option doesn't seem to work as advertised, s.t. if I set 'restrict ignore default' it will reject all requests.

[1] http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.2.1.

How-To-Repeat:

# sh
# cat > /etc/ntp.conf <<EOF
server 0.freebsd.pool.ntp.org iburst maxpoll 9
server 1.freebsd.pool.ntp.org iburst maxpoll 9
server 2.freebsd.pool.ntp.org iburst maxpoll 9
restrict default ignore
restrict 65.75.130.21
restrict 127.0.0.1
restrict -6 ::1
EOF
# service ntpd restart

For bugs matching the following criteria:

Status: In Progress
Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

This was a case of erroneous configuration.
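
The restrict lines from the report, evaluated in an added example (not part of the original report and not ntpd code). It assumes ntpd applies the most specific matching restrict entry to every incoming packet, including replies from configured servers, and that a bare `default` covers both address families. The function names are hypothetical, and 192.0.2.10 and 2001:db8::1 are constructed addresses standing in for whatever the pool names resolve to.

```python
import ipaddress

# The ntp.conf from the report (pool names are not resolved here).
REPORTED_CONF = """\
server 0.freebsd.pool.ntp.org iburst maxpoll 9
server 1.freebsd.pool.ntp.org iburst maxpoll 9
server 2.freebsd.pool.ntp.org iburst maxpoll 9
restrict default ignore
restrict 65.75.130.21
restrict 127.0.0.1
restrict -6 ::1
"""

def parse_restrict(conf):
    """Return a list of (network, flags) built from 'restrict' lines."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        args = [t for t in tok[1:] if t not in ("-4", "-6")]
        addr, rest = args[0], args[1:]
        if addr == "default":
            # Assumption: a bare 'default' covers both address families.
            rules.append((ipaddress.ip_network("0.0.0.0/0"), set(rest)))
            rules.append((ipaddress.ip_network("::/0"), set(rest)))
            continue
        if rest[:1] == ["mask"]:  # dotted IPv4 mask form
            net = ipaddress.ip_network(f"{addr}/{rest[1]}", strict=False)
            rest = rest[2:]
        else:
            net = ipaddress.ip_network(addr)  # single-host entry
        rules.append((net, set(rest)))
    return rules

def flags_for(rules, source):
    """Flags of the most specific restrict entry that matches source."""
    ip = ipaddress.ip_address(source)
    hits = [(n, f) for n, f in rules if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else set()

def is_ignored(rules, source):
    return "ignore" in flags_for(rules, source)

if __name__ == "__main__":
    rules = parse_restrict(REPORTED_CONF)
    # Constructed sources; the last two stand in for pool members.
    for src in ("65.75.130.21", "127.0.0.1", "::1", "192.0.2.10", "2001:db8::1"):
        print(f"{src:15} ignored={is_ignored(rules, src)}")
```

Under these assumptions only the three individually listed addresses escape `default ignore`; a time source at any other address is dropped along with unsolicited queries.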