[ntp:questions] NTP not syncing

Brian Inglis Brian.Inglis at SystematicSw.ab.ca
Mon Nov 25 22:48:40 UTC 2013

On 2013-11-24 18:05, Antonio Marcheselli wrote:
>> 'restrict' sets a null restriction set for that address.
>> IOW it removes all restrictions.
> Thanks Steve.
> I had a look at the 'restrict' parameters; the line I have is
> restrict mask nomodify

As David implied earlier - if a bit is zero in the mask it must be zero in the address!
Mask is for unrestricting a subnet - in this case => .0-.255.
If you want to change restrictions for a single address do not use any mask,
so it defaults to the mask for a single address.

> which I understand prevents modification of the NTP configuration, is that correct?

You need to start by blocking everything:
	restrict default kod limited nomodify notrap nopeer noquery
to block most stuff from most places, as the default is allow everything from everywhere,
equivalent to:
	restrict mask	# notice no restrictions!!!
for other NTP servers add:
	restrict name kod limited nomodify notrap
then allow the localhost to change anything:
	restrict	# allow ipv4 localhost
	restrict ::1		# allow ipv6 localhost6
and if you have other admin servers you can add similar statements with their DNS names.

I look forward to others correcting any bad assumptions I picked up from old releases. ;^>
Take care. Thanks, Brian Inglis
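
The mask rule and the block-first ordering described in this message can be checked mechanically. The following Python lint for ntp.conf 'restrict' lines is an added example, not part of the original post. The function name, the localhost exemption and the sample addresses (documentation range 192.0.2.0/24) are assumptions of the example.

```python
import ipaddress

# Constructed sample ntp.conf (documentation addresses, not values from the post).
SAMPLE_CONF = """\
restrict default kod limited nomodify notrap nopeer noquery
restrict 192.0.2.0 mask 255.255.255.0 nomodify
restrict 192.0.2.17 mask 255.255.255.0 nomodify   # host bits set under the mask
restrict 192.0.2.17 nomodify                      # single address: no mask
restrict 127.0.0.1
restrict ::1
"""

LOCALHOST = {"127.0.0.1", "::1"}  # assumption: unrestricted localhost is intended

def lint_restrict(conf):
    """Return a list of (line_number, message) findings for 'restrict' lines."""
    findings, has_default = [], False
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = [t for t in raw.split("#", 1)[0].split() if t not in ("-4", "-6")]
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        target, rest = tok[1], tok[2:]
        mask = None
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        if target == "default":
            has_default = has_default or bool(rest)
        elif not rest and target not in LOCALHOST:
            findings.append((n, f"{target}: no flags, so no restrictions apply"))
        if mask is None:
            continue
        try:
            addr, m = ipaddress.ip_address(target), ipaddress.ip_address(mask)
        except ValueError:
            continue  # DNS name or 'default': nothing to compare bit by bit
        if addr.version != m.version:
            findings.append((n, f"{target}: mask {mask} is a different address family"))
        elif int(addr) & ~int(m):  # a bit that is zero in the mask is set in the address
            net = type(addr)(int(addr) & int(m))
            findings.append((n, f"{target} mask {mask}: address bits set where the mask "
                                f"is zero; use {net} or drop the mask for a single host"))
    if not has_default:
        findings.append((0, "no 'restrict default' line with flags"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_restrict(SAMPLE_CONF):
        print(f"line {n}: {msg}")
```
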
