Re: Possible bug with ntpd and Iptables

[Yang Xiao <yxiao2004 gmail com>]

On Tue, 31 Aug 2004 16:22:32 -0400, Scot L. Harris <webid cfl rr com> wrote:
> On Tue, 2004-08-31 at 16:04, Yang Xiao wrote:
> 
> > The port is opened by the /etc/init.d/ntp script, this means you need
> > to restart ntp after you restart iptables.
> >
> > Yang
> 
> I understand where ntp opens the ports.  But if you don't realize that
> this is happening and you restart iptables for some reason without
> restarting ntp then the ports are closed.
> 
> This seems like a poor way to do things.  What happens when another
> application is configured like ntp and you now have to remember to
> restart several applications just because the ports were closed when you
> did some testing or modified your iptables rules?  Plus it could become
> difficult to track down all the scripts that modify your iptables rule
> set.
> 
> I think ntp is the only one that does this currently.  Should this not
> be moved to the /etc/sysconfig/iptables file and taken out of the ntp
> startup scripts?
> 
> --
> Scot L. Harris
> webid cfl rr com
> 
> We are all so much together and yet we are all dying of loneliness.
>                -- A. Schweitzer
Well, I guess you can call it a bug, but it's not difficult to do a
iptables-save > /etc/sysconfig/iptables or even manually add the ntp
rules to the iptables file
to permenantly store the ntp rules before you start to make changes so
that it won't get lost when you restart iptables?

Yang