SINGLESOCK - How much to strip away?
Gary E. Miller
gem at rellim.com
Sat Jun 2 19:44:37 UTC 2018
Yo Hal!
On Sat, 02 Jun 2018 12:39:39 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:
> Gary said:
> > You may say that can be duplicate in your firewall settings. But
> > maybe you want to run two ntpd ...
>
> I assume firewalls are smart enough to allow different rules for
> different servers.
Yes, but not smart enough to allow two servers, each on the wild card
address, to server different IP ranges.
> "firewall" is potentially ambiguous in this discussion.
Yup. And asking it to split appart wild card servers is asking too much.
> My "different rules" comment was for a box. If you are talking about
> software running on the local system you may need different rules for
> each system.
You got you use cases, I got mine. We need to server them all.
> > Almost, but not quite, sufficient. ntpd still needs a way to bind
> > to some IP addresses and not others.
>
> If you can enumerate the IP Addresses that you want or the ones you
> don't want, then I think the restrict stuff will work. The default
> entry handles the others.
Yes, ntpd needs to be able to bind to specific IPs, then my use cases
are handled. With current restrict functionality.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20180602/07df7c99/attachment.bin>
More information about the devel
mailing list