[ntp:questions] Re: Configuring a server and clients behind a firewall

Ronan Flood ronan at noc.ulcc.ac.uk
Tue Feb 1 16:07:41 UTC 2005


Steve Kostecke <kostecke at ntp.isc.org> wrote:

> Here are some barebones configuration files. They do not contain any
> restrictions. If you do want to use restrictions you will not be able to
> use server host names that resolve to multiple IP addresses (e.g.
> *.pool.ntp.org).

Isn't that a bit sweeping?  You should be able to use, say,

  restrict default nomodify notrap nopeer
  restrict 127.0.0.1

without affecting anything, and maybe also add noserve and/or noquery
to the default depending on how tightly controlled you want to be.

-- 
                      Ronan Flood <R.Flood at noc.ulcc.ac.uk>
                        working for but not speaking for
             Network Services, University of London Computer Centre
     (which means: don't bother ULCC if I've said something you don't like)



More information about the questions mailing list