[ntp:questions] NTP on small 100% Linux LAN : reasonable access control policy ?

Danny Mayer mayer at ntp.org
Mon Aug 2 12:24:34 UTC 2010

On 8/2/2010 3:56 AM, Niki Kovacs wrote:
> Danny Mayer wrote:
>> Having read through this thread I still haven't found any explanation
>> for why you are doing this in the first place. Can you say what it is
>> you are trying to accomplish and why? You can get much better advice if
>> you tell us this. Otherwise you may not need restrict statements at all.
> 1) I'm trying to impress my girlfriend by typing loads of unnecessary
> restrict statements in my ntp.conf.

We don't know your girlfriend so we have no way of knowing whether or
not she would be impressed by the number of restrict statements. I
somehow get the feeling that she likes you for other reasons.

> 2) I'm desperately trying to get rid of a compulsive obsessional
> disorder, and I thought this USENET group would be helpful.

Unfortunately this USENET group is full of compulsive obsessive freaks
desperately trying to keep their system clocks as close as they can to
UTC. If they had the money they would buy atomic clocks, but since they
don't they join this group to commiserate with their fellow compulsives.
So you just joined a support group.

> 3) I'm new to NTP, and after having read through a few tutorials, I'm
> vaguely thinking about security (like : limiting access to local
> services), so I thought I'd ask on this list.

If you just want the servers/clients to supply time to an internal group
of systems, you can set up the restricts to allow access only to the
subnet but you must allow in the answers to external requests otherwise
they will get dropped. The recent addition of restrict source helps with


> Choose your answer :o)
> Cheers from the rainy South of France,
> Niki
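
Added example (not part of the original message or of the NTP project): a small Python check for the failure mode described above, where a subnet-only restrict policy also drops the replies from the upstream servers. The sample configuration, addresses and host names are constructed, and the matching is a simplified IPv4-only model of ntpd's restrict list (most specific entry wins; `restrict source` treated as applying to every configured association).

```python
import ipaddress

# Constructed sample config (not from the thread): LAN served, everything else ignored.
BROKEN = """\
restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 203.0.113.10 iburst
pool pool.example.org iburst
"""
FIXED = BROKEN + "restrict source nomodify notrap noquery\n"

def parse(conf):
    """Return (restrict entries, upstream names, 'restrict source' flags or None)."""
    rules, upstreams, source = [], [], None
    for line in conf.splitlines():
        tok = [t for t in line.split("#")[0].split() if t not in ("-4", "-6")]
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "pool", "peer"):
            upstreams.append(tok[1])
        elif tok[0] == "restrict" and tok[1] == "source":
            source = set(tok[2:])
        elif tok[0] == "restrict" and ":" not in tok[1]:   # IPv4 entries only
            has_mask = "mask" in tok
            addr = "0.0.0.0" if tok[1] == "default" else tok[1]
            mask = "0" if tok[1] == "default" else (tok[3] if has_mask else "255.255.255.255")
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((net, set(tok[4:] if has_mask else tok[2:])))
    return rules, upstreams, source

def dropped_upstreams(conf):
    """Upstreams whose replies would hit an 'ignore' restriction."""
    rules, upstreams, source = parse(conf)
    bad = []
    for name in upstreams:
        if source is not None:      # template applied to every association
            flags = source
        else:
            try:
                addr = ipaddress.ip_address(name)
                match = [r for r in rules if addr in r[0]]
            except ValueError:      # hostname: assume only the default entry matches
                match = [r for r in rules if r[0].prefixlen == 0]
            # most specific (longest-prefix) entry wins
            flags = max(match, key=lambda r: r[0].prefixlen)[1] if match else set()
        if "ignore" in flags:
            bad.append(name)
    return bad
```

`dropped_upstreams(BROKEN)` lists both upstreams; with the `restrict source` line in `FIXED` the list is empty.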
