What does the "listen on interface" for NTP(d) really mean?



  • Setting up 2.2.4 from a fresh install, and I'm a bit confused with setting up the NTP service.

    Under Services->NTP at the top of the page there is an Interface(s) section.
    There are four options for selection here: nothing, WAN, LAN or WAN+LAN.

    This is the prompt text for this selection:

    
    Interfaces without an IP address will not be shown.
    
    Selecting no interfaces will listen on all interfaces with a wildcard.
    Selecting all interfaces will explicitly listen on only the interfaces/IPs specified. 
    
    

    I don't want to expose the NTPd service on the pfsense to the WAN interface - but cursory searches seem to indicate the best approach is to leave the default option active, which is to use all interfaces.
    I have searched through the pfSense book and nothing there makes it any clearer.

    Is there a "for dummies" explanation of this?


  • Banned

    You won't expose anything in the first place unless you allow UDP/123 access on WAN.



  • @doktornotor:

    You won't expose anything in the first place unless you allow UDP/123 access on WAN.

    Consider it to be an option flaw if the WAN selection does not establish the necessary rules.
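
To see which of the two behaviours in the prompt text is in effect, the listening sockets on UDP/123 can be classified as wildcard or explicit. This is an added example, not part of the thread or of pfSense; it assumes the FreeBSD `sockstat -4 -l` column layout, and the sample lines and addresses are constructed. It reports the binding only; whether WAN can reach the port still depends on the firewall rules, as the reply above says.

```shell
#!/bin/sh
# Classify how ntpd is bound on UDP/123 from sockstat-style text.
# Assumed columns (FreeBSD `sockstat -4 -l`):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample: no interface selected, one wildcard socket.
SAMPLE_WILDCARD='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ntpd       4021  20 udp4   *:123                 *:*'

# Constructed sample: only LAN selected (192.168.1.1 is a made-up LAN address).
SAMPLE_LAN='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ntpd       4021  20 udp4   192.168.1.1:123       *:*
root     unbound    1550   5 udp4   192.168.1.1:53        *:*'

# Reads sockstat-style text on stdin and prints one of:
#   none               nothing listening on udp4 port 123
#   wildcard           at least one socket bound to *:123
#   explicit a,b,...   only specific local addresses are bound
ntp_bind_mode() {
    awk '
        $5 == "udp4" && $6 ~ /:123$/ {
            addr = $6
            sub(/:123$/, "", addr)          # strip the port, keep the address
            if (addr == "*") wild = 1
            else list = (list == "" ? addr : list "," addr)
            seen = 1
        }
        END {
            if (!seen)     print "none"
            else if (wild) print "wildcard"
            else           print "explicit " list
        }'
}

# Stand-alone demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_WILDCARD" | ntp_bind_mode
printf '%s\n' "$SAMPLE_LAN" | ntp_bind_mode
```

On a live system the function would be fed real output, for example `sockstat -4 -l | ntp_bind_mode`.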

