Problem
I have an NTP server (Linux), and other servers sync their time from it. Many servers on the same network can reach the NTP server, but I want only the servers in a specific range of IP addresses to be able to get time from it.
Solution
To whitelist a range of IP addresses, I applied a rule to the firewall on the Linux NTP server. I added the rule below to /etc/sysconfig/iptables for the address range 10.20.2.31 to 10.20.2.40. It matches UDP destination port 123, the port the ntp service listens on. The rule has to sit before the chain's catch-all REJECT (the stock RHEL/CentOS file ends the INPUT chain with -A INPUT -j REJECT --reject-with icmp-host-prohibited): iptables evaluates rules in order, so an ACCEPT appended after the REJECT is never reached, and without any catch-all REJECT or DROP an ACCEPT rule restricts nothing at all.
[root@ntpserver ~]# vi /etc/sysconfig/iptables
.
.
-A INPUT -p udp -m iprange --src-range 10.20.2.31-10.20.2.40 --dport 123 -j ACCEPT
.
.
Restart the firewall using the below command
[root@ntpserver ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@ntpserver ~]#
Now only servers with an IP address in the range 10.20.2.31 to 10.20.2.40 can get time from the NTP server; UDP/123 from any other source falls through to the catch-all REJECT. Confirm the order with iptables -L INPUT -n --line-numbers (the ACCEPT for port 123 must have a lower line number than the REJECT), then test with ntpdate -q ntpserver from one host inside the range and one outside it. Two caveats: this is source-address filtering on UDP, so a host on the same network segment can spoof an address from the allowed range unless the switch or router enforces ingress filtering; and the restriction disappears if the firewall is ever flushed, so ntpd's own restrict directives in /etc/ntp.conf are worth adding as an independent second layer (they take an address and mask, so a range like 10.20.2.31-40 has to be expressed as several entries or a covering subnet).
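As an added example (this is not code from the original post), the shell snippet below checks the one thing that silently breaks this setup: the allow rule being appended after the catch-all REJECT, or no catch-all existing at all. It parses either the /etc/sysconfig/iptables file or live iptables -S INPUT output. Both rulesets embedded in it are constructed for the example, modelled on the stock CentOS/RHEL 6 file with the post's rule inserted in the right place and, for the failure case, pasted at the end of the file.

```shell
#!/bin/sh
# Added example, not from the original post: verify that the NTP allow rule
# precedes the INPUT chain's catch-all REJECT/DROP (or that the chain policy
# is DROP), because an ACCEPT placed after the catch-all is never evaluated.

# Constructed ruleset: stock CentOS/RHEL 6 layout, rule in the right place.
GOOD_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m iprange --src-range 10.20.2.31-10.20.2.40 --dport 123 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed failure case: the same rule pasted at the end of the file, after
# the catch-all REJECT. iptables loads this without complaint, but no NTP
# packet from the range ever reaches the rule.
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m iprange --src-range 10.20.2.31-10.20.2.40 --dport 123 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# 1-based position, within INPUT, of the first rule accepting UDP/123 from a
# --src-range; prints 0 if absent. Reads file $1, or stdin when no argument.
ntp_rule_position() {
  awk '/^-A INPUT / { n++
         if ($0 ~ /-p udp/ && $0 ~ /--src-range/ && $0 ~ /--dport 123( |$)/ && $0 ~ /-j ACCEPT/) {
           print n; found = 1; exit } }
       END { if (!found) print 0 }' "${1:--}"
}

# Position of the first unconditional REJECT/DROP in INPUT; 0 if absent.
catchall_position() {
  awk '/^-A INPUT / { n++
         if ($0 ~ /^-A INPUT -j (REJECT|DROP)/) { print n; found = 1; exit } }
       END { if (!found) print 0 }' "${1:--}"
}

# Chain policy for INPUT, from either the ":INPUT POLICY [..]" file header or
# the "-P INPUT POLICY" line that iptables -S prints.
input_policy() {
  awk '$1 == ":INPUT" { print $2; exit }
       $1 == "-P" && $2 == "INPUT" { print $3; exit }' "${1:--}"
}

# Exit 0 when the allow rule exists and something after it denies everyone
# else (a catch-all rule, or a DROP policy); exit 1 with a reason otherwise.
check_ntp_rule_order() {
  rules=$(cat "${1:--}")
  ntp=$(printf '%s\n' "$rules" | ntp_rule_position)
  deny=$(printf '%s\n' "$rules" | catchall_position)
  policy=$(printf '%s\n' "$rules" | input_policy)
  if [ "$ntp" -eq 0 ]; then
    echo "FAIL: no ACCEPT for udp/123 from a source range in INPUT" >&2; return 1
  fi
  if [ "$deny" -eq 0 ] && [ "$policy" != "DROP" ]; then
    echo "FAIL: no catch-all REJECT/DROP and policy is $policy: allow rule restricts nothing" >&2; return 1
  fi
  if [ "$deny" -ne 0 ] && [ "$ntp" -gt "$deny" ]; then
    echo "FAIL: allow rule at position $ntp is after the catch-all at $deny: it is shadowed" >&2; return 1
  fi
  echo "ok: allow rule at position $ntp, catch-all at ${deny} (policy $policy)"
}

# Demonstration on the constructed rulesets. On the live host, check what the
# kernel actually loaded with:  iptables -S INPUT | check_ntp_rule_order
printf '%s\n' "$GOOD_RULES" | check_ntp_rule_order
printf '%s\n' "$BAD_RULES"  | check_ntp_rule_order || :
```

The check deliberately reads iptables -S output rather than the config file alone, because the file and the loaded ruleset diverge whenever someone runs iptables -A by hand without saving; run it after service iptables restart to confirm the two agree.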
Last Updated: September 04, 2020