On Wed, Jan 8, 2014 at 7:56 PM, Bill Unruh <unruh@xxxxxxxxxxxxxx> wrote: > Why does it matter? Anyway, look at the deny
> command. deny all
Thank you for the tip.
> An open port does not mean anything except to tell the system > "If some packet has that port address, send it to chrony for
> taking care of it."
That is right - it might not be a problem. I was just cautious about having open ports (maybe there is a security hole on chrony) and also was comparing chrony to openntpd which one can configure to not listen on any network interface.