SINGLESOCK - How much to strip away?

Gary E. Miller gem at rellim.com
Sat Jun 2 19:44:37 UTC 2018


Yo Hal!

On Sat, 02 Jun 2018 12:39:39 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:

> Gary said:
> > You may say that can be duplicate in your firewall settings.  But
> > maybe you want to run two ntpd ...  
> 
> I assume firewalls are smart enough to allow different rules for
> different servers.

Yes, but not smart enough to allow two servers, each on the wild card
address, to server different IP ranges.

> "firewall" is potentially ambiguous in this discussion.

Yup.  And asking it to split appart wild card servers is asking too much.

> My "different rules" comment was for a box.  If you are talking about 
> software running on the local system you may need different rules for
> each system.

You got you use cases, I got mine.  We need to server them all.

> > Almost, but not quite, sufficient.  ntpd still needs a way to bind
> > to some IP addresses and not others.   
> 
> If you can enumerate the IP Addresses that you want or the ones you
> don't want, then I think the restrict stuff will work.  The default
> entry handles the others.

Yes, ntpd needs to be able to bind to specific IPs, then my use cases
are handled.  With current restrict functionality.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20180602/07df7c99/attachment.bin>


More information about the devel mailing list