[CentOS] how to set ntpd listen only 127.0.0.1 ?

Fri Jun 12 03:07:02 UTC 2009
Filipe Brandenburger <filbranden at gmail.com>

Hi,

2009/6/11 MontyRee <chulmin2 at hotmail.com>:
> Is there any way or option that only listen 127.0.0.1?

I don't think so. NTP is a UDP protocol, and its packets have both
source and destination port 123, so the machine that is using NTP to
set its own clock (NTP "client") needs to listen on port 123 UDP to
receive the replies from the NTP "server".

> for security reason?

Look into the "restrict" commands in ntp.conf to implement security
policies on NTP. You can find information on how it works on "man
ntp_acc".

If you use a fixed list of NTP servers that have fixed IPs, you can
also use iptables to block access to port 123 UDP to all except those
hosts.

HTH,
Filipe
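
The two suggestions in the reply above, as an added example that is not part of the original post: a script that prints ntp.conf "restrict" lines and matching iptables rules for a fixed server list. The function names are hypothetical and 192.0.2.10 and 192.0.2.11 are constructed placeholder addresses; it assumes IPv4 only and that the rules are appended to an otherwise empty INPUT chain.

```sh
#!/bin/sh
# Added example. Server addresses are constructed placeholders (RFC 5737).

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Validate every argument before anything is printed.
check_servers() {
    [ "$#" -gt 0 ] || { echo "no servers given" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
}

# ntp.conf lines: ignore everyone by default, then allow each server.
ntp_conf() {
    check_servers "$@" || return 1
    echo "restrict default ignore"   # drop packets from every host not listed
    echo "restrict 127.0.0.1"        # local ntpq/ntpdc keep full access
    for ip in "$@"; do
        echo "server $ip"
        echo "restrict $ip mask 255.255.255.255 nomodify notrap noquery"
    done
}

# iptables commands: accept UDP 123 only from the listed servers.
iptables_rules() {
    check_servers "$@" || return 1
    echo "iptables -A INPUT -i lo -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A INPUT -p udp -s $ip --dport 123 -j ACCEPT"
    done
    echo "iptables -A INPUT -p udp --dport 123 -j DROP"
}

ntp_conf 192.0.2.10 192.0.2.11
iptables_rules 192.0.2.10 192.0.2.11
```

The script only prints the lines; review them before adding them to /etc/ntp.conf or running the iptables commands as root.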