By default ntpd listens on all interfaces
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ntp (Ubuntu) | Opinion | Wishlist | Unassigned | |
Bug Description
The default ntp configuration that ships with Ubuntu has ntp listening on all interfaces when in most instances that's not needed. Adding the line:
interface ignore wildcard
to ntp.conf disables this and makes ntp only listen to localhost, which is enough for things like ntpq to still work. It would probably be even safer for it not to listen on any interfaces, but that doesn't seem to be possible, as "interface ignore all" seems to be completely ignored and "interface ignore lo" only disables localhost on IPv6. It seems listening to localhost on IPv4 is hardcoded into ntpd.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: ntp 1:4.2.6.
ProcVersionSign
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Sat Sep 24 20:04:13 2011
EcryptfsInUse: Yes
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSign
SourcePackage: ntp
UpgradeStatus: Upgraded to natty on 2011-05-07 (140 days ago)
It seems "interface ignore wildcard" doesn't actually work, as ntpd needs those listening interfaces to get packets back. OpenNTPD seems to do without these, though, so it would be good if ntpd was also able to.
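
To check which addresses ntpd is actually bound to before and after changing ntp.conf, the following added example (not part of the original report) classifies UDP port 123 listeners from `ss -uln` output. The function names and both sample listings are constructed for illustration and were not captured from a real host.

```shell
#!/bin/sh
# Added example. Reads `ss -uln`-style lines on stdin and prints one line
# per UDP/123 socket as "<class> <local-address>", where class is
# wildcard, loopback or specific. Header and non-NTP lines are skipped.
classify_ntp_listeners() {
    awk '
    {
        la = ""
        # The local address is the first field ending in ":123";
        # the peer column of a listener ends in ":*".
        for (i = 1; i <= NF; i++)
            if ($i ~ /:123$/) { la = $i; break }
        if (la == "") next
        addr = la
        sub(/:123$/, "", addr)
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
            class = "wildcard"
        else if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
            class = "loopback"
        else
            class = "specific"
        print class, addr
    }'
}

# Count the sockets of one class, e.g. `count_class wildcard`.
count_class() {
    classify_ntp_listeners | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Constructed sample: wildcard sockets plus per-address sockets.
SAMPLE_DEFAULT='UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
UNCONN 0 0 192.0.2.10:123 0.0.0.0:*
UNCONN 0 0 [::]:123 [::]:*
UNCONN 0 0 [::1]:123 [::]:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*'

# Constructed sample: the localhost-only state the report describes.
SAMPLE_RESTRICTED='UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
UNCONN 0 0 [::1]:123 [::]:*'

echo "default:";    printf '%s\n' "$SAMPLE_DEFAULT"    | classify_ntp_listeners
echo "restricted:"; printf '%s\n' "$SAMPLE_RESTRICTED" | classify_ntp_listeners
# On a live host: ss -uln | classify_ntp_listeners
```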