[ntp:questions] problem with pool directive?
Rob
nomail at example.com
Mon Nov 10 19:55:20 UTC 2014
Dave Morgan <morgad at eclipse.co.uk> wrote:
>> Yes I have the now default "restrict" lines, to remedy the DDOS problem.
>> There are no specific restrict lines for my other servers.
>> Do I need a specific one for the pool directive?
>
> add a 'source' restrict line ?
>
> excerpts from my ntp.conf
>
> pool 0.uk.pool.ntp.org iburst preempt
>
> # By default, exchange time with everybody, but don't allow configuration.
> restrict default kod limited nomodify notrap nopeer noquery
> restrict -6 default kod limited nomodify notrap nopeer noquery
> restrict source limited nomodify notrap
>
> # Local users may interrogate the ntp server more closely.
> restrict localhost
> restrict 127.0.0.1
> restrict ::1
>
> best regards
> Dave

Ok but why do I need to remove the "nopeer" and "noquery" restrictions
for a pool member? This does not appear to be necessary for a "server".
Or is there some implicit restrict line for a server that is not there
for a pool member?
(it was my impression that "noquery" limits status queries, not time
queries, and that "nopeer" is affecting only "peer" directives)
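
An added example, not part of either poster's message: a small Python check for the configuration discussed above. It relies on ntpd's documented behaviour that "nopeer" also blocks the associations a pool directive mobilizes unless a "restrict source" line without "nopeer" is present; the function names, the "nomodify" policy check and the sample config (built from Dave's excerpt) are constructed for this example.

```python
# Constructed sample: the ntp.conf excerpt quoted in the message above.
SAMPLE_OK = """\
pool 0.uk.pool.ntp.org iburst preempt
# By default, exchange time with everybody, but don't allow configuration.
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict source limited nomodify notrap
restrict localhost
restrict 127.0.0.1
restrict ::1
"""
# Same config with the 'restrict source' line removed (constructed).
SAMPLE_BAD = SAMPLE_OK.replace("restrict source limited nomodify notrap\n", "")

def parse(conf):
    """Return (pool hostnames, {restrict target: [flag sets]})."""
    pools, restricts = [], {}
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments
        if len(words) < 2:
            continue
        if words[0] == "pool":
            pools.append(words[1])
        elif words[0] == "restrict":
            args = [w for w in words[1:] if w not in ("-4", "-6")]
            if args:
                restricts.setdefault(args[0], []).append(set(args[1:]))
    return pools, restricts

def check_pool_restrict(conf):
    """List problems with how restrict lines interact with pool directives."""
    pools, restricts = parse(conf)
    findings = []
    if not pools:
        return findings
    default_nopeer = any("nopeer" in f for f in restricts.get("default", []))
    source = restricts.get("source", [])
    if default_nopeer and not source:
        findings.append("pool used with a 'nopeer' default but no 'restrict source' line")
    for flags in source:
        if "nopeer" in flags:
            findings.append("'restrict source' carries nopeer, so pool servers cannot be mobilized")
        if "nomodify" not in flags:
            # Policy assumption of this example: keep nomodify on pool servers.
            findings.append("'restrict source' omits nomodify")
    return findings

if __name__ == "__main__":
    for name, conf in (("with restrict source", SAMPLE_OK), ("without", SAMPLE_BAD)):
        print(name, "->", check_pool_restrict(conf) or "ok")
```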