diff options
authorpetere <petere@0070b5ef-2f16-0410-befa-9a02bd1d6ddb>2010-07-03 03:57:09 +0000
committerpetere <petere@0070b5ef-2f16-0410-befa-9a02bd1d6ddb>2010-07-03 03:57:09 +0000
commitdec3697b2288b8805d29dbba1d28847f0b28615a (patch)
parent3a31a3a71322a5fdeb6b6611961996b76647a5bc (diff)
Document ntpd -I option and ntp.conf interface command (closes: #506389)
git-svn-id: svn:// 0070b5ef-2f16-0410-befa-9a02bd1d6ddb
3 files changed, 27 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index cf326f0..3142af8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,9 @@ ntp (1:4.2.6.p1+dfsg-2) UNRELEASED; urgency=low
* Update command options section in ntp.conf(5) man page, drop "dynamic"
option (closes: #553976)
+ * Document ntpd -I option and ntp.conf interface command (closes: #506389)
- -- Peter Eisentraut <> Fri, 02 Jul 2010 23:31:17 -0400
+ -- Peter Eisentraut <> Fri, 02 Jul 2010 23:54:22 -0400
ntp (1:4.2.6.p1+dfsg-1) unstable; urgency=low
diff --git a/debian/man/ntp.conf.5 b/debian/man/ntp.conf.5
index a0aea7d..47d54b2 100644
--- a/debian/man/ntp.conf.5
+++ b/debian/man/ntp.conf.5
@@ -326,6 +326,24 @@ separate file. Include files may be nested to a depth of five; upon reaching
the end of any include file, command processing resumes in the previous
configuration file. This option is useful for sites that run \fBntpd\fR on
multiple hosts, with (mostly) common options (e.g., a restriction list).
+.B interface \fR[\fBlisten\fR | \fBignore\fR | \fBdrop\fR] [\fBall\fR | \fBipv4\fR | \fBipv6\fR | \fBwildcard\fR | \fIname\fR | \fIaddress\fR[/\fIprefixlen\fR]]
+This command controls which network addresses \fBntpd\fR opens, and
+whether input is dropped without processing. The first parameter
+determines the action for addresses which match the second
+parameter. That parameter specifies a class of addresses, or a
+specific interface name, or an address. In the address case,
+\fIprefixlen\fR determines how many bits must match for this rule to
+apply. \fBignore\fR prevents opening matching addresses, \fBdrop\fR
+causes \fBntpd\fR to open the address and drop all received packets
+without examination. Multiple \fBinterface\fR commands can be
+used. The last rule which matches a particular address determines the
+action for it. \fBinterface\fR commands are disabled if any \fB\-I\fR,
+\fB\-\-interface\fR, \fB\-L\fR, or \fB\-\-novirtualips\fR command-line
+options are used. If none of those options are used and no
+\fBinterface\fR actions are specified in the configuration file, all
+available network addresses are opened. The \fBnic\fR command is an
+alias for \fBinterface\fR.
diff --git a/debian/man/ntpd.8 b/debian/man/ntpd.8
index d64ae55..1b2f97f 100644
--- a/debian/man/ntpd.8
+++ b/debian/man/ntpd.8
@@ -86,6 +86,13 @@ Chroot the server to the directory \fIjaildir\fR.
This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security).
You may need to also specify a \fB\-u\fR option.
+.B \-I \fR[\fIaddress\fR | \fIinterface name\fR]
+Open the network address given, or all the addresses associated with
+the given interface name. This option may appear multiple times.
+This option also implies not opening other addresses, except wildcard
+and localhost. This option is deprecated. Please consider using the
+configuration file \fBinterface\fR command, which is more versatile.
\fB\-k\fR \fIkeyfile\fR
Specify the name and path of the symmetric key file, default \fI/etc/ntp.keys\fR.
This is the same operation as the keys \fIkeyfile\fR configuration command.