[ previous ] [ next ] [ threads ]
 
 From:  "James Braid" <jamesb at digipost dot co dot nz>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: time client/server proposal - comments please
 Date:  Tue, 17 Jun 2003 11:22:33 +0000
On 6/17/2003, "Manuel Kasper" <mk at neon1 dot net> wrote:
>On Tue, 17 Jun 2003, Fred Wright wrote:
>> I don't think including a default server is a good idea.  The admin might
>> get annoyed if everyone on the planet started using that one particular
>> server because nobody bothered to change the setting. :-) Not to mention

pool.ntp.org has been setup for this purpose as I understand it...basically a
round robin of a lot of public stratum2/3 NTP servers, meant for use where
you just want "good enough" time sync.

>Alright. I think it'd be better to disable the NTP server by default and
>have the user explicitly enable it (and specify a server) when he/she
>needs it. Not running any unnecessary services is always a good idea on a
>firewall...

But yes, a firewall should have a very minimal set of default services. The
commercial firewalls I have used (Netscreens mainly) all have NTP disabled by
default. They display a banner when you start them up the first time that
reminds you to set the clock though.

- James