[ntp:questions] NTP on small 100% Linux LAN : reasonable access control policy ?

Niki Kovacs mickey at mouse.com
Sun Aug 1 12:40:55 UTC 2010


David Lord a écrit :
> 
> # servers previous to July 2010 had: restrict default noquery
> # but now to reduce number of sites sending too frequent polls
> restrict default kod nomodify notrap nopeer
> 
> # for local public lan segments
> restrict a.b.c.d mask 255.255.255.0
> restrict e.f.g.h mask 255.255.255.0
> 
> # for private lan segments
> restrict s.t.u.v mask 255.255.255.0
> restrict w.x.y.z mask 255.255.255.0
> 
> # for localhost
> restrict 127.0.0.1
> restrict -6 ::1 # only if ipv6 enabled
> 
> Servers have ntp traffic restricted by firewall rules and
> in addition clients are behind NAT.
> 
> Client pcs (including laptops when used remote) are pointed to
> my own servers. I think some have same restrict lines as
> servers and others may have minimum:
> restrict default noquery
> restrict 127.0.0.1
> restrict -6 ::1 # only if ipv6 enabled
> 

Oh wow. Thanks very much for that detailed explanation. I'll try it out 
this afternoon.

Niki




More information about the questions mailing list