[ntp:questions] problem with pool directive?

Rob nomail at example.com
Mon Nov 10 19:55:20 UTC 2014


Dave Morgan <morgad at eclipse.co.uk> wrote:
>> Yes I have the now default "restrict" lines, to remedy the DDOS problem.
>> There are no specific restrict lines for my other servers.
>> Do I need a specific one for the pool directive?
>
> add a 'source' restrict line ?
>
> excerpts from my ntp.conf
>
> pool 0.uk.pool.ntp.org iburst preempt
>
> # By default, exchange time with everybody, but don't allow configuration.
> restrict default kod limited nomodify notrap nopeer noquery
> restrict -6 default kod limited nomodify notrap nopeer noquery
> restrict source limited nomodify notrap
>
> # Local users may interrogate the ntp server more closely.
> restrict localhost
> restrict 127.0.0.1
> restrict ::1
>
> best regards
> Dave

Ok but why do I need to remove the "nopeer" and "noquery" restrictions
for a pool member?  This does not appear to be necessary for a "server".

Or is there some implicit restrict line for a server that is not there
for a pool member?

(it was my impression that "noquery" limits status queries, not time
queries, and that "nopeer" is affecting only "peer" directives)
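An added example, not part of the original thread: a small lint for the configuration quoted above that flags an ntp.conf combining `pool` with `nopeer` on the default restriction but no usable `restrict source` line. It assumes the behaviour described in the ntpd access-control documentation, where `nopeer` also denies the associations a `pool` directive mobilizes; the function names and the `nomodify`/`notrap` check on the source line are this example's own choices.

```python
# Added example: lint an ntp.conf for the pool/nopeer interaction.
# Assumption (from the ntpd access-control docs): "nopeer" also denies the
# associations that a "pool" directive mobilizes, so a config that keeps
# nopeer on "restrict default" needs a "restrict source" line without it.

def parse_conf(text):
    """Return (pool_hosts, [(target, flags), ...]) from ntp.conf text."""
    pools, restricts = [], []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        if words[0] == "pool":
            pools.append(words[1])
        elif words[0] == "restrict":
            args = [w for w in words[1:] if w not in ("-4", "-6")]
            if args:
                restricts.append((args[0], set(args[1:])))
    return pools, restricts

def lint_pool_restrict(text):
    """Return a list of findings (empty when the pool setup looks consistent)."""
    pools, restricts = parse_conf(text)
    if not pools:
        return []
    findings = []
    default_nopeer = any(t == "default" and "nopeer" in f for t, f in restricts)
    source = [f for t, f in restricts if t == "source"]
    if default_nopeer and not source:
        findings.append("pool with 'restrict default nopeer' but no 'restrict source' line")
    for flags in source:
        if "nopeer" in flags:
            findings.append("'restrict source' still carries nopeer")
        missing = {"nomodify", "notrap"} - flags
        if missing:
            findings.append("'restrict source' lacks " + " ".join(sorted(missing)))
    return findings

# Configuration quoted in the thread above.
QUOTED_CONF = """\
pool 0.uk.pool.ntp.org iburst preempt
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict source limited nomodify notrap
restrict 127.0.0.1
"""
# Constructed variant: same defaults, "restrict source" line removed.
NO_SOURCE_CONF = QUOTED_CONF.replace("restrict source limited nomodify notrap\n", "")

if __name__ == "__main__":
    for name, conf in (("quoted", QUOTED_CONF), ("no source", NO_SOURCE_CONF)):
        print(name, lint_pool_restrict(conf) or "ok")
```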


