Simon Jolle
2008-Apr-22 09:07 UTC
[CentOS] deny other hosts from synchronizing time with NTP client
Hi CentOS users

We are running CentOS 4.5 with NTP 4.2.0.

# cat /etc/ntp.conf
restrict default ignore
restrict dns1.xxx.xxx mask 255.255.255.0 nomodify notrap noquery
restrict dns2.xxx.xxx mask 255.255.255.0 nomodify notrap noquery
restrict 127.0.0.1
server dns1.xxx.xxx
server dns2.xxx.xxx
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
broadcastdelay 0.008
authenticate no

The problem is that other hosts are able to synchronize the time from our servers. How to disable that?

# lsof -i :123
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
ntpd    4874  ntp    4u  IPv4  35805       UDP *:ntp
ntpd    4874  ntp    5u  IPv6  35806       UDP *:ntp
ntpd    4874  ntp    6u  IPv4  35807       UDP localhost.localdomain:ntp
ntpd    4874  ntp    7u  IPv4  35808       UDP xxx:ntp
ntpd    4874  ntp    8u  IPv4  35809       UDP xxx:ntp
ntpd    4874  ntp    9u  IPv4  35810       UDP xxx:ntp
ntpd    4874  ntp   10u  IPv4  35811       UDP xxx:ntp

NTP listens on every interface.

cheers
Simon

--
XMPP: sjolle at swissjabber.org
Filipe Brandenburger
2008-Apr-23 01:58 UTC
[CentOS] deny other hosts from synchronizing time with NTP client
On Tue, Apr 22, 2008 at 5:07 AM, Simon Jolle <urandomdev at gmail.com> wrote:
> The problem is that other hosts are able to synchronize the time from
> our servers. How to disable that?

Which other hosts? Other hosts in the same subnet as dns1 and dns2?

If that is the problem, maybe you should try changing "mask 255.255.255.0" to "mask 255.255.255.255". The "mask 255.255.255.0" means all the class C subnet.

HTH,
Filipe
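
The effect of the mask change discussed in this thread, as an added example that is not part of either post: a small checker that evaluates the `restrict` lines for a given client address. Assumptions: dns1/dns2 are replaced by constructed documentation addresses in 192.0.2.0/24, and ntpd's sorted restrict list is modeled as "most specific matching entry wins".

```python
import ipaddress

# Constructed sample: the thread's restrict lines with dns1/dns2 replaced by
# documentation addresses (assumption: both upstreams sit in 192.0.2.0/24).
THREAD_CONF = """\
restrict default ignore
restrict 192.0.2.10 mask 255.255.255.0 nomodify notrap noquery
restrict 192.0.2.11 mask 255.255.255.0 nomodify notrap noquery
restrict 127.0.0.1
"""
# Same config with the host mask suggested in the reply.
SUGGESTED_CONF = THREAD_CONF.replace("mask 255.255.255.0", "mask 255.255.255.255")

def parse_restrict(conf):
    """Return [(network, flags)] for every IPv4 'restrict' line."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"          # ntpd's default when no mask is given
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        # strict=False: host bits are masked off, so 192.0.2.10/24 -> 192.0.2.0/24
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, set(rest)))
    return rules

def serves_time(conf, client):
    """True if 'client' gets time service under the most specific matching rule."""
    ip = ipaddress.ip_address(client)
    matches = [(net, flags) for net, flags in parse_restrict(conf) if ip in net]
    if not matches:
        return True                        # no matching entry: modeled as unrestricted
    net, flags = max(matches, key=lambda m: m[0].prefixlen)
    # Only 'ignore' and 'noserve' deny time packets; nomodify/notrap/noquery do not.
    return not (flags & {"ignore", "noserve"})

if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("suggested", SUGGESTED_CONF)):
        for client in ("192.0.2.10", "192.0.2.77", "198.51.100.5"):
            print(name, client, "served" if serves_time(conf, client) else "ignored")
```

With the /24 mask, any neighbour of the upstream servers (here 192.0.2.77) is served; with the host mask only the two upstream addresses and localhost are.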