[ntp:questions] problem with "restrict default ignore"

Rob nomail at example.com
Fri Jul 30 09:30:28 UTC 2010


J. Bakshi <joydeep at infoservices.in> wrote:
> Hello list,
>
> I would like to secure my ntp daemon with "restrict default ignore", but ntp stops synchronizing with this configuration, though I have restrict lines for the ntp servers. My ntp.conf is simple, as below:
>
> ``````````````````````````````
> driftfile /var/lib/ntp/ntp.drift
>
> server 0.asia.pool.ntp.org iburst dynamic
> server 1.asia.pool.ntp.org iburst dynamic
>
> restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
> restrict default ignore
> restrict 0.asia.pool.ntp.org  notrap noquery
> restrict 1.asia.pool.ntp.org  notrap noquery
> restrict 127.0.0.1
> ```````````````````````````````````````
>
> ntp starts working if I remove "restrict default ignore". Are the restrict lines with server not
> designed to work with "restrict default ignore"? I am very much confused here, any clue please?

It does not work because 0.asia.pool.ntp.org returns a different value
every time, so the server 0.asia.pool.ntp.org and the restrict line
with 0.asia.pool.ntp.org don't work with the same value.  The restrict
does not match the server.
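
The mismatch described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not ntpd's code) in which each hostname is resolved once where it appears in ntp.conf and the most specific restrict entry wins. The rotating resolver, its 203.0.113.x addresses and all function names are constructed for illustration.

```python
import ipaddress
from itertools import cycle

def make_resolver():
    """Constructed round-robin DNS: each lookup of the pool name returns the
    next address (documentation-range addresses, not real pool members)."""
    pool = {"0.asia.pool.ntp.org": cycle(["203.0.113.10", "203.0.113.20", "203.0.113.30"])}
    return lambda name: next(pool[name]) if name in pool else name

def load(conf, resolve):
    """Resolve each hostname once, where it appears (simplified model of ntpd)."""
    servers, rules = [], []
    for words in (line.split() for line in conf.splitlines() if line.strip()):
        if words[0] == "server":
            servers.append(resolve(words[1]))
        elif words[0] == "restrict":
            if words[1] == "default":
                net, flags = ipaddress.ip_network("0.0.0.0/0"), words[2:]
            elif len(words) > 3 and words[2] == "mask":
                net, flags = ipaddress.ip_network(f"{words[1]}/{words[3]}"), words[4:]
            else:
                net, flags = ipaddress.ip_network(resolve(words[1]) + "/32"), words[2:]
            rules.append((net, set(flags)))
    return servers, rules

def flags_for(addr, rules):
    """The most specific matching restrict entry decides the flags."""
    hits = [r for r in rules if ipaddress.ip_address(addr) in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1]

def server_replies_dropped(conf):
    """Map each resolved server address to True if its packets hit 'ignore'."""
    servers, rules = load(conf, make_resolver())
    return {s: "ignore" in flags_for(s, rules) for s in servers}

# One pool server from the question's ntp.conf, same restrict lines.
CONF = """
server 0.asia.pool.ntp.org iburst dynamic
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict default ignore
restrict 0.asia.pool.ntp.org notrap noquery
restrict 127.0.0.1
"""

if __name__ == "__main__":
    print(server_replies_dropped(CONF))
```

With the pool name, the `server` line and the `restrict` line get different addresses, so the server's replies fall through to `restrict default ignore`; with a literal address on both lines the host entry matches.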
