On Tue, 2004-08-31 at 15:22, Scot L. Harris wrote:
> On Tue, 2004-08-31 at 16:04, Yang Xiao wrote:
> >
> > The port is opened by the /etc/init.d/ntp script; this means you need
> > to restart ntp after you restart iptables.
> >
> > Yang
>
> I understand where ntp opens the ports. But if you don't realize that
> this is happening and you restart iptables for some reason without
> restarting ntp, then the ports are closed.
>
> This seems like a poor way to do things. What happens when another
> application is configured like ntp and you now have to remember to
> restart several applications just because the ports were closed when you
> did some testing or modified your iptables rules? Plus it could become
> difficult to track down all the scripts that modify your iptables rule
> set.
>
> I think ntp is the only one that does this currently. Should this not
> be moved to the /etc/sysconfig/iptables file and taken out of the ntp
> startup scripts?
>

On mine I have no special port open for ntp, and it works through the firewall. IIRC iptables has rules for established & related connections. Mine also allows any outgoing connections to be started without hindrance.

If you mean ntpd and running a time server, then you need a rule in iptables to allow other hosts to connect to your server on that port.
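The thread's concern is a rule that only exists because an init script inserted it at runtime, so it vanishes on the next `iptables` restart. The following is an added illustration, not code from any of the posters: a small Python audit that reads the persisted rule set (what `/etc/sysconfig/iptables` would hold, in `iptables-save` format) next to the live one, confirms the client-side ESTABLISHED,RELATED rule and an inbound UDP 123 rule are persisted, and lists any rule that exists only in the live set. Both rule dumps below are constructed samples.

```python
import re
from typing import Dict, List

# Constructed sample of a persisted rule set (iptables-save format); not from the thread.
SAVED_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Constructed "live" rule set: same as SAVED_RULES plus the one rule an ntp
# init script might have inserted at runtime. It is not persisted anywhere.
LIVE_RULES = SAVED_RULES.replace(
    "-A INPUT -i lo -j ACCEPT\n",
    "-A INPUT -i lo -j ACCEPT\n-A INPUT -p udp -m udp --dport 123 -j ACCEPT\n",
)


def parse_rules(dump: str) -> List[str]:
    """Return only the '-A' rule lines of an iptables-save dump, in order."""
    return [ln.strip() for ln in dump.splitlines() if ln.startswith("-A ")]


def accepts_stateful_replies(rules: List[str]) -> bool:
    """True if replies to outbound traffic (the NTP client case) are accepted."""
    return any("--state" in r and "ESTABLISHED" in r and r.endswith("-j ACCEPT")
               for r in rules)


def accepts_udp_port(rules: List[str], port: int) -> bool:
    """True if an INPUT rule accepts inbound UDP on `port` (the time-server case)."""
    pat = re.compile(rf"^-A INPUT .*-p udp .*--dport {port}\b.*-j ACCEPT$")
    return any(pat.match(r) for r in rules)


def runtime_only_rules(saved: str, live: str) -> List[str]:
    """Rules in the live set but not the persisted one: lost on an iptables restart."""
    persisted = set(parse_rules(saved))
    return [r for r in parse_rules(live) if r not in persisted]


def audit(saved: str, live: str, port: int = 123) -> Dict[str, object]:
    """Summarise whether NTP client/server access survives an iptables restart."""
    return {
        "client_ok": accepts_stateful_replies(parse_rules(saved)),
        "server_ok_persisted": accepts_udp_port(parse_rules(saved), port),
        "runtime_only": runtime_only_rules(saved, live),
    }
```

Any entry under `runtime_only` is a rule that should be moved into the persisted file rather than left to an application's init script.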