[ntp:questions] adding access restrictions to the windows ntp config

E-Mail Sent to this address will be added to the BlackLists Null at BlackList.Anitech-Systems.invalid
Wed Feb 15 21:43:39 UTC 2012


Ron Frazier (NTP) wrote:
> In my research operating ntpd on Windows and Linux, I
>  discovered that the default ntp.conf installed by
>  Meinberg does not have any access restrictions.
> I think it would be a good idea to add this to your file
>  unless you require more liberal access for your LAN, etc.
> This is the default setup for my Ubuntu Linux machines.
>
> # By default, exchange time with everybody, but don't allow configuration.
----------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> restrict -4 default kod notrap nomodify nopeer noquery
> restrict -6 default kod notrap nomodify nopeer noquery
-------------------------------------------------^^^^^^^
> # allow unrestricted access from the localhost (so that you may monitor ntpd
> # and perform on-the-fly configuration changes with ntpdc)
> # Local users may interrogate the ntp server more closely.
> # IPv4
> restrict 127.0.0.1
> # IPv6
> restrict -6 ::1

Unless I misreading the above (somehow),
 that would be a client only config,
 as it would not permit queries by _any_ other clients.


What about e.g. restrict source nomodify ?
 ... to avoid issues when configuring servers / pools
      where the DNS query may return more than one IP?

-- 
E-Mail Sent to this address <BlackList at Anitech-Systems.com>
  will be added to the BlackLists.



More information about the questions mailing list