[ntp:questions] Re: I'm missing something about restrict

Richard B. Gilbert rgilbert88 at comcast.net
Sat May 28 22:36:01 UTC 2005

Scott Becker wrote:

> I've got a working time server for my building.
> I'm trying to use it to sync my other servers instead of them bugging 
> the public servers.
> I'm trying to specify them with the restrict line but still get denied.
> Here's my config file:
> # default config (with RHEL)
> restrict default nomodify notrap noquery
> restrict
> # my subnet - timeservice works from this
> restrict mask nomodify notrap
> # my host outside my subnet - it gets 'unreachable'
> restrict nomodify notrap
> # I added this but it didn't help
> server
> # the servers I'm syncing from
> server clock.via.net
> server bigben.ucsd.edu
> # rest of the default config
> server     # local clock
> fudge stratum 10
> driftfile /var/lib/ntp/drift
> broadcastdelay  0.008
> keys            /etc/ntp/keys
> I've read all I can about the restrict command and as far as I can 
> tell this should work but it don't.
>    Thanks
>    scottb
This may be too obvious but. . . .    Does it work without any restrict 
statements?   There are reasons for a server becoming unreachable that 
have nothing to do with restrict statements.

Does it work if you comment out your restrict default ignore?  If it 
works without that but with all your other restrict statements, one or 
more of your remaining restrict statements is too restrictive.

It's also helpful to mention what version of ntpd you are running; the 
semantics of the restrict statement changed between two recent versions; 
I believe it was between 4.1 and 4.2 but I can't swear to it.

More information about the questions mailing list