[ntp:questions] Linux client ntp

Harlan Stenn stenn at ntp.isc.org
Sun Apr 15 20:05:13 UTC 2007


Hi Riccardo,

> I read document at URL http://ntp.isc.org/Support/AccessRestrictions and I'm
> confused in " 6.5.1.2.1. If you used =restrict default ignore= " section.
> If I used "restrict default ignore", document says to add "restrict
> 127.0.0.1" to allow unrestricted access from the localhost. OK;
> then it says to repeat the following two lines for each remote time server:
> IPv4: server x.y.z.w
> IPv4: restrict x.y.z.w [nomodify notrap nopeer noquery]
> 
> Note: "There is no harm in adding the restrictions shown in brackets but
> keep in mind that if you are accepting time from someone it may be
> considered courteous to allow them to see a bit of information about their
> client.
> 
> I don't understand because there also is "nomodify" option inside brackets.
> If added "nomodify" option(as I told you in previous message) I think it
> would not be permitted to ntpd to use time information (sent from specified
> "x.y.z.w" server) to set local clock. If I want to receive time from
> external servers I presume that ntpd can be modified from those servers.
> Do you agree ?

Yes.  Sometimes people want to use a server for *tracking* purposes only
but they do not want to accept time from that server.  The 'nomodify'
parameter is one of the optional bits.

I'm wondering if it would be better to put some/each of those keywords
in separate [] blocks.

H



More information about the questions mailing list