Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to bind ntpd to a specific IP address on Linux/Unix, which has a certain reference value, and interested friends can refer to it. I hope you can learn a lot after reading this article.

By default, our ntpd/NTP server listens on all ports or IP addresses, that is, 0.0.0.0purl 123. How can I make sure that only a specific IP address, such as localhost or 192.168.1.1 IP 123, is listened on on a Linux or FreeBSD Unix server?

NTP is an acronym for the Network time Protocol Network Time Protocol, a protocol used to synchronize time between two computers. Ntpd is an operating system daemon that sets and ensures that the system's time is synchronized with the Internet standard time server.

NTP uses ntp.conf under / etc/directory as the configuration file.

Port instructions in / etc/ntp.conf

You can prevent the ntpd from listening on 0.0.0.0 123 by setting the port command. The syntax is as follows:

Interface listen IPv4 | IPv6 | allinterface ignore IPv4 | IPv6 | allinterface drop IPv4 | IPv6 | all

The above configuration allows ntpd to listen to that address or discard it without making any requests. Ignore prevents matching addresses from being opened, and drop causes ntpd to open that address and discard all received packets without checking. For example, if you want to ignore snooping on all ports, add the following statement to / etc/ntp.conf:

Interface ignore wildcard

This is true if only 127.0.0.1 and 192.168.1.1 are listening:

Interface listen 127.0.0.1interface listen 192.168.1.1

This is the sample / etc/ntp.conf file on my FreeBSD CVM:

$egrep-v'^ # | $^'/ etc/ntp.conf

The sample output is:

Tos minclock 3 maxclock 6pool 0.freebsd.pool.ntp.org iburstrestrict default limited kod nomodify notrap noquery nopeerrestrict-6 default limited kod nomodify notrap noquery nopeerrestrict source limited kod nomodify notrap noqueryrestrict 127.0.0.1restrict-6:: 1leapfile "/ var/db/ntpd.leap-seconds.list" interface ignore wildcardinterface listen 172.16.3.1interface listen 10.105.28.1 restart ntpd

Reload / restart ntpd on top of FreeBSD Unix:

$sudo / etc/rc.d/ntpd restart

Or use the following command on top of Debian and Ubuntu Linux:

$sudo systemctl restart ntp

Or use the following command on top of CentOS/RHEL 7/Fedora Linux:

$sudo systemctl restart ntpd check

Use the netstat and ss commands to check that ntpd is only bound to a specific IP address:

$netstat-tulpn | grep: 123

Or:

$ss-tulpn | grep: 123

Sample output:

Udp 0 0 10 10 5 28 1 12 3 0 0 0 *-udp 0 0 172.16.3 1 3 3 0 0 0 *-

Use the sockstat command on the FreeBSD Unix server:

$sudo sockstat$ sudo sockstat-4$ sudo sockstat-4 | grep: 123

Sample output:

Root ntpd 59914 22 udp4 127.0.0.1 * * root ntpd 59914 24 udp4 127.0.1.1 * * Thank you for reading this article carefully. I hope the article "how to bind ntpd to a specific IP address on Linux/Unix" shared by the editor will be helpful to you. At the same time, I hope you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.