From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007

Description of problem:
/etc/init.d/ntpd function start() determines timeservers incorrectly, because it does not accept any additional server options nor comments. As a result, "service ntpd start" can produce failed iptables updates.

Suggestion: Modify the flawed section as follows:

    timeservers=`/bin/sed \
        -n -e 's/\#.*$//;/127.*/d' \
        -e 's/^[[:blank:]]*server[[:blank:]][[:blank:]]*\(.*\)/\1/p' \
        -e 's/^[[:blank:]]*server[[:blank:]]+\([[:alnum:].]+\)[[:blank:]]*.*/\1/p' \
        -e 's/^[[:blank:]]*peer[[:blank:]]+\([[:alnum:].]+\)[[:blank:]]*.*/\1/p' \
        $ntpconf | awk '{print $1}'`

where the added "| awk ..." bit guards against additional information on the /etc/ntp.conf server or peer line.

Version-Release number of selected component (if applicable):
ntp-4.1.2-0.rc1.2

How reproducible:
Always

Steps to Reproduce:
1. service iptables start (if needed)
2. edit /etc/ntp.conf to add "server 192.43.244.18 maxpoll 8"
3. service ntpd start (or restart, as needed)

Actual Results:
ntpd: Opening firewall for host "maxpoll" fails, but host "8" succeeds, which opens (minor) holes in the firewall:

    Chain RH-Lokkit-0-50-INPUT (2 references)
    target     prot opt source               destination
    ACCEPT     udp  --  0.0.0.8              0.0.0.0/0          udp spt:123 dpt:123

Expected Results:
ntpd: should open firewall port only for the NTP server addresses, not for other parameters on the same line

Additional info:

    ntpd: Opening firewall for input from 192.43.244.18 port 123 [ OK ]
    ntpd: Opening firewall for input from maxpoll port 123iptables v1.2.7a: host/network `maxpoll' not found
    Try `iptables -h' or 'iptables --help' for more information.
    [FAILED]
    ntpd: Opening firewall for input from 8 port 123 [ OK ]
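
An added example, not part of the original report and not the init script's own code: one way to take only the host field from server/peer lines and reject anything that is not host-like before it reaches iptables. The function name extract_timeservers and the sample configuration are assumptions made for illustration; it accepts IPv4 addresses and DNS names only.

```shell
#!/bin/sh
# extract_timeservers is a hypothetical helper, not taken from /etc/init.d/ntpd.
# It prints one host per line: the second field of each "server" or "peer"
# line, so trailing options such as "maxpoll 8" never become firewall sources.
extract_timeservers() {
    # $1: path to an ntp.conf-style file
    awk '
        { sub(/#.*/, "") }                               # strip comments first
        ($1 != "server" && $1 != "peer") || NF < 2 { next }
        $2 ~ /^127\./ { next }                           # skip local reference clocks
        $2 !~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/ { next }     # reject non host-like tokens
        !seen[$2]++ { print $2 }                         # de-duplicate
    ' "$1"
}

# Constructed sample input; the first server line is the one from the report.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# constructed ntp.conf for illustration
server 192.43.244.18 maxpoll 8
server 127.127.1.0   # local clock
fudge  127.127.1.0 stratum 10
	peer ntp.example.org minpoll 4  # trailing comment
#server 10.0.0.1
server
EOF

timeservers=$(extract_timeservers "$sample_conf")
for server in $timeservers; do
    # The real script would add an iptables rule here; this only reports it.
    echo "would open udp/123 for input from: $server"
done
rm -f "$sample_conf"
```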