What does the "listen on interface" for NTP(d) really mean?
-
Setting up 2.2.4 from a fresh install, and I'm a bit confused with setting up the NTP service.
Under Services->NTP at the top of the page there is an Interface(s) section.
There are four options for selction here, nothing, WAN, LAN or WAN+LAN.This is the prompt text for this selection:
Interfaces without an IP address will not be shown. Selecting no interfaces will listen on all interfaces with a wildcard. Selecting all interfaces will explicitly listen on only the interfaces/IPs specified.
I don't want to expose the NTPd service on the pfsense to the WAN interface - but cursory searches seem to indicate the best approach is to leave the default option active, which is to use all interfaces.
I have searched through the pfSense book and nothing there makes it any clearer.Is there a "for dummies" explanation of this?
-
You won't expose anything in the first place unless you allow UDP/123 access on WAN.
-
You won't expose anything in the first place unless you allow UDP/123 access on WAN.
Consider it to be an option flaw if the WAN selection does not establish the necessary rules.