[ntp:questions] NTP on small 100% Linux LAN : reasonable access control policy ?

Rob nomail at example.com
Sun Aug 1 10:01:13 UTC 2010


Niki Kovacs <mickey at mouse.com> wrote:
> If I understand correctly, things can be done in a manner similar to 
> iptables.
>
> 1) First block off everything with 'restrict default ignore'.
>
> 2) Then allow localhost to use NTP in an unlimited way with 'restrict 
> 127.0.0.1'.
>
> 3) Then allow only what has to be allowed specifically.

There is no need to do that.
The time service is not something valuable that you want to keep all
others away from.
Just allow everyone to sync from your server, and unless you start
advertising your service you will have no problem at all.

restrict default nomodify nopeer notrap
restrict 127.0.0.1
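
Added example, not part of the original message: a small Python evaluator that compares the two policies from this thread by working out what a given source address may do under each. It models only IPv4 `restrict` lines and the documented ntpd flags; the client address 192.0.2.10 and all function names are assumptions made for illustration.

```python
import ipaddress
# Added illustration (not from the thread): evaluate ntp.conf 'restrict' lines.

def parse_restrict(conf_text):
    """Return a list of (network, flags) from IPv4 'restrict' lines."""
    rules = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"          # a bare address is a host entry
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        rules.append((ipaddress.ip_network(f"{addr}/{mask}"), frozenset(rest)))
    return rules

def effective_flags(rules, source):
    """ntpd applies the flags of the most specific entry matching the source."""
    ip = ipaddress.ip_address(source)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    # An entry with no flags (or no matching entry) means no restrictions.
    return max(matches, key=lambda m: m[0])[1] if matches else frozenset()

def capabilities(flags):
    """Map restrict flags to what a matching source is allowed to do."""
    ignored = "ignore" in flags           # 'ignore' drops every packet
    return {
        "time_service": not ignored and "noserve" not in flags,
        "status_queries": not ignored and "noquery" not in flags,
        "runtime_reconfig": not ignored and not flags & {"noquery", "nomodify"},
        "new_peer_association": not ignored and "nopeer" not in flags,
        "trap_service": not ignored and not flags & {"noquery", "notrap"},
    }

# The two policies from the thread; 192.0.2.10 is a constructed client address.
QUOTED = "restrict default ignore\nrestrict 127.0.0.1\n"
REPLY = "restrict default nomodify nopeer notrap\nrestrict 127.0.0.1\n"

def audit(conf_text, sources=("127.0.0.1", "192.0.2.10")):
    rules = parse_restrict(conf_text)
    return {s: capabilities(effective_flags(rules, s)) for s in sources}

if __name__ == "__main__":
    for name, conf in (("quoted", QUOTED), ("reply", REPLY)):
        for src, caps in audit(conf).items():
            print(name, src, caps)
```

Under the second policy a remote source gets time service and read-only ntpq/ntpdc status queries; `noquery`, which neither policy uses, is the ntpd flag that denies those queries without affecting time service.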



