[ntp:questions] Re: "restrict" option : help
jdptr at cleanthisfree.fr
Fri Jun 24 09:52:27 UTC 2005
Richard B. Gilbert a écrit :
> Jojo wrote:
>> i don't understand what's wrong, i explain :
>> i have a ntp server serving my company.
>> it's wide open to the internet and I want to restrict this.
>> this is my ntp.conf :
>> # deny access to all by default
>> restrict default ignore
>> # me
>> restrict 127.0.0.1
>> # me, directly connected to the internet
>> restrict my.ntp.server.ip
>> # my network
>> restrict 172.16.0.0 mask 255.255.0.0 nomodify
>> # stratum 2 server
>> server ntp.johndoe.com
>> The problem is when I use ntpq -p
>> I see that ntp.johndoe.com stratum value is 16 (meaning unaccessible).
>> Have you got tips about this issue ?
> It's not clear from your message if you have done this or not!
> restrict <numeric IP address of ntp.johndoe.com> 255.255.255.255 nomodify.
> You MUST use the numeric IP address in each restrict statement!! If
> "# me, directly connected to the internet
> restrict my.ntp.server.ip "
> was intended to represent the actual numeric address, it was not
> sufficiently clear.
No I didn't, but I thought (since I use the statement "server
ntp.johndoe.com" ) it should have worked.
To use the IP address instead of DNS name in all restrict
statement is quite embarrasing, since the IP can change in
future. What do you think ?
More information about the questions