[ntp:questions] xntpd (NTPv3) "restrict" questions.

Pete Stephenson pete+usenet at heypete.com
Sun Jan 2 08:24:29 UTC 2005


I've been perusing the man pages and Google regarding the "restrict" 
command for ntp.conf for xntpd (ntpq -c version reports ntpq 3-5.93e Mon 
Apr 16 13:25:35 PDT 2001 (1)).

Specifically, I'd like my server to do the following things:

1) Synchronize with NTP servers specified in the "server [host.name]" 
lines of my ntp.conf files and adjust time accordingly.
2) Allow clients to query my server for time service and informational 
queries (i.e. ntpq -p time.heypete.com)
3) Disallow all connections (excepting those to/from the systems 
mentioned in the "server [host.name]" lines) that attempt to modify my 
local time.

I googled for an example configuration and located the following from 
http://www.xs4all.nl/~xpeterxq/suse_conf_files/ntp.conf.html:

restrict default notrust lowpriotrap nopeer nomodify
restrict 209.204.159.18 mask 255.255.255.0 nopeer nomodify
restrict 204.152.184.72 mask 255.255.255.0 nopeer nomodify
restrict 216.218.192.202 mask 255.255.255.0 nopeer nomodify
restrict 216.218.254.202 mask 255.255.255.0 nopeer nomodify

or

restrict default notrust lowpriotrap nopeer nomodify
restrict time.sonic.net mask 255.255.255.0 nopeer nomodify
restrict clock.isc.org mask 255.255.255.0 nopeer nomodify
restrict clock.fmt.he.net mask 255.255.255.0 nopeer nomodify
restrict clock.sjc.he.net mask 255.255.255.0 nopeer nomodify

The former returns "server returns a permission denied error" errors, 
and the latter returns "getnetnum: 'time.sonic.net' invalid host number, 
line ignored" and "server returns a permission denied error" errors.

Presently, my ntp.conf file contains (among other commands) the 
following line: "restrict default nopeer", which I'm assuming will 
restrict others from specifying my server as a peer and being able to 
manipulate my time. xntpd hasn't presented any errors about this line, 
and syncs normally with the specified servers.

I realize that xntpd is somewhat out of date, and am working on getting 
NTP 4.2.0 installed. Unfortunately, as I mentioned in a previous posting 
here, I'm having some difficulty compiling it on my system and am 
getting assistance off-group. As such, I must make do with what I have, 
which is xntpd.

Any help in regards to this aspect of the configuration file would be 
most helpful.

Cheers!

-- 
Pete Stephenson
HeyPete.com



More information about the questions mailing list