[ntp:questions] Restrict statements and the "pool" directive

Paul tik-tok at bodosom.net
Sun Dec 21 19:14:37 UTC 2014


On Sun, Dec 21, 2014 at 9:19 AM, David Taylor
<david-taylor at blueyonder.co.uk.invalid> wrote:
> The except was that if you have a local node defined as a server, and you
want that node to be able to issue ntpq commands, it seems that the
configuration I suggested blocks this, even adding "query" to the
192.168.0.0 line:

Note that "query
"
and "peer" are not RESTRICT keywords (they can be useful/confusing as
commentary).  Not saying NOPEER means "peer" associations are permitted if
peer associations are otherwise enabled.

> restrict default notrap nomodify nopeer noquery
> restrict 192.168.0.0 mask 255.255.255.0 peer query

So the above is the same as
:

restrict default notrap nomodify nopeer noquery
restrict 192.168.0.0 mask 255.255.255.0

> restrict default notrap nomodify nopeer query
> restrict 192.168.0.0 mask 255.255.255.0 peer

and
the above is the same as:

restrict default notrap nomodify nopeer
restrict 192.168.0.0 mask 255.255.255.0

Which is probably not what you want.  Assuming the
RESTRICT lines here are what you're using the hosts that can't query
are not on 192.168.0 or something else is block
ing
the query packets.


More information about the questions mailing list