Error when trying sync time using ntp
Chris Gow
sniffy-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Mon Jan 10 21:26:01 UTC 2005
On January 10, 2005 02:48 pm, Taavi Burns wrote:
> On Mon, 10 Jan 2005 13:04:16 -0500, Chris Gow <sniffy-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org> wrote:
> > Yeah. My firewall was/is blocking ntp UDP requests. Since I only
> > want/need to sync the time when my laptop boots, I've added a startup
> > script that executes before the firewall starts up. Of course for some
> > reason, host names can't be resolved when it runs (though the network has
> > started up by then :( ). Oh well, that's another problem.
>
> You mean that your network interface comes up before your firewall? Tsk
> tsk.
>
> That's a big no-no. Not quite as bad as starting services before starting
> up the firewall, but still a no-no. What's the point of a firewall if it's
> not ALWAYS
> guarding your network interfaces?
>
> Why not add ntp packets to the allowable list? If it's just during
> startup, you could even alter the firewall rules to allow it, do the ntp
> bits, and then remove
> the firewall rule. But that much work is probably only worth it if you're
> truly paranoid, and it sounds like you're not (running up the firewall
> after the interface
> comes up, that is). ;)
I'm using the built-in firewall that comes with SuSe 8.2. I never really
thought about it before (figuring that my distro would do the right thing). I
also tried allowing ntp/123 through the config wizard for the fw, but it
still winds up blocking the UDP ports. Guess I ought to forgo the wizard and
do it by hand.
-- chris
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list