SINGLESOCK - How much to strip away?

Gary E. Miller gem at
Sat Jun 2 19:44:37 UTC 2018

Yo Hal!

On Sat, 02 Jun 2018 12:39:39 -0700
Hal Murray via devel <devel at> wrote:

> Gary said:
> > You may say that can be duplicate in your firewall settings.  But
> > maybe you want to run two ntpd ...  
> I assume firewalls are smart enough to allow different rules for
> different servers.

Yes, but not smart enough to allow two servers, each on the wild card
address, to server different IP ranges.

> "firewall" is potentially ambiguous in this discussion.

Yup.  And asking it to split appart wild card servers is asking too much.

> My "different rules" comment was for a box.  If you are talking about 
> software running on the local system you may need different rules for
> each system.

You got you use cases, I got mine.  We need to server them all.

> > Almost, but not quite, sufficient.  ntpd still needs a way to bind
> > to some IP addresses and not others.   
> If you can enumerate the IP Addresses that you want or the ones you
> don't want, then I think the restrict stuff will work.  The default
> entry handles the others.

Yes, ntpd needs to be able to bind to specific IPs, then my use cases
are handled.  With current restrict functionality.

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list