My situation is that I configure many virtual network interfaces for virtual machines, and some of my networks even have two or more addresses. I don't need ntpd to listen on all these interfaces, but there seems to be no option to restrict the interfaces ntpd tries to bind to.
Besides all these "security" options in ntpd, for a system administrator, who knows his environment, the best security option is not to listen at all to interfaces. For example it would be more secure not to listen to external interfaces at all, but to restrict access through ntp configuration.
Is there any ntpd software known that can be configured to listen only to selected interfaces (as any network daemon should)?
There are two easy ways to do this, both documented in the official ntp documentation:
1. Use the `-I` command line option for ntpd invocation. From ntp's documentation on command line options for ntpd
2. Use the `interface` directive in ntp.conf. From ntp's documentation on misc configuration options:
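The `interface` directive from the answer above, worked through in an added example that is not part of the original answer or of ntp's documentation: it applies the documented rule that the last matching `interface` line decides the action for an address, so a configuration can be checked before ntpd is restarted. The configuration fragment and host addresses are constructed, the function names are hypothetical, and treating an address that no rule matches as `listen` is an assumption.

```python
import ipaddress

# Constructed ntp.conf fragment (sample values, not from the page).
NTP_CONF = """\
interface ignore wildcard
interface ignore all
interface listen 127.0.0.1
interface listen 10.0.0.0/24   # management network
"""
# Constructed (interface name, address) pairs for a host with VM bridges.
HOST_ADDRS = [("lo", "127.0.0.1"), ("eth0", "10.0.0.5"), ("eth0", "fe80::1"),
              ("virbr0", "192.168.122.1"), ("eth1", "203.0.113.7")]
ACTIONS = ("listen", "ignore", "drop")

def parse_rules(conf):
    """Return (action, selector) pairs from interface/nic lines, in file order."""
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 3 and words[0] in ("interface", "nic") and words[1] in ACTIONS:
            rules.append((words[1], words[2]))
    return rules

def matches(selector, name, addr):
    """True if the selector (class, address[/prefixlen] or name) covers addr."""
    ip = ipaddress.ip_address(addr)
    if selector == "all":
        return True
    if selector in ("ipv4", "ipv6"):
        return ip.version == int(selector[-1])
    if selector == "wildcard":
        return ip.is_unspecified
    try:
        return ip in ipaddress.ip_network(selector, strict=False)
    except ValueError:
        return selector == name  # not an address: treat as an interface name

def action_for(rules, name, addr, default="listen"):
    """Last matching rule wins; 'default' (assumption) applies if none match."""
    action = default
    for act, sel in rules:
        if matches(sel, name, addr):
            action = act
    return action

def opened(conf, addrs):
    """Addresses ntpd would open: 'drop' still opens the socket, 'ignore' does not."""
    rules = parse_rules(conf)
    return [a for n, a in addrs if action_for(rules, n, a) != "ignore"]
```

On a running host, the result can be compared with the UDP port 123 sockets ntpd actually holds.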