On 6/17/2003, "Manuel Kasper" <mk at neon1 dot net> wrote:
>On Tue, 17 Jun 2003, Fred Wright wrote:
>> I don't think including a default server is a good idea. The admin might
>> get annoyed if everyone on the planet started using that one particular
>> server because nobody bothered to change the setting. :-) Not to mention
pool.ntp.org has been setup for this purpose as I understand it...basically a
round robin of a lot of public stratum2/3 NTP servers, meant for use where
you just want "good enough" time sync.
>Alright. I think it'd be better to disable the NTP server by default and
>have the user explicitly enable it (and specify a server) when he/she
>needs it. Not running any unnecessary services is always a good idea on a
But yes, a firewall should have a very minimal set of default services. The
commercial firewalls I have used (Netscreens mainly) all have NTP disabled by
default. They display a banner when you start them up the first time that
reminds you to set the clock though.