[ntp:questions] issue about "restrict source"

Brian Utterback brian.utterback at oracle.com
Thu Mar 7 13:51:55 UTC 2013


On 3/7/2013 1:15 AM, Michael Tatarinov wrote:
> Hello
>
> I don't understand it's bug or feature?
>
> piece of ntp.conf
> restrict default ignore
> restrict source kod nomodify noquery notrap
> restrict -4 127.0.0.1
> restrict -6 ::1
> restrict 192.168.3.0 mask 255.255.255.0
> peer 192.168.3.33
>
> for 192.168.3.33 applies the "restrict source kod nomodify noquery
> notrap" rule not "restrict 192.168.3.0 mask 255.255.255.0".
> is it a bug or feature?

Feature. The "source" keyword creates a restrict entry for the exact IP 
address of the server. So it is as if there were a line that said:

restrict 192.168.3.33 kod nomodify noquery notrap

That is a closer match than

restrict 192.168.3.0 mask 255.255.255.0

so it gets used instead.

Brian.


More information about the questions mailing list