[ntp:questions] Restrict statements and the "pool" directive
David Taylor
david-taylor at blueyonder.co.uk.invalid
Sun Dec 21 14:19:10 UTC 2014
On 21/12/2014 11:17, Terje Mathisen wrote:
[]
> 'restrict source' is the proper way to do it, as long as you have a
> version which supports that command.
>
> Terje
Thanks, Rob & Terje, that did the job. Almost!
The except was that if you have a local node defined as a server, and
you want that node to be able to issue ntpq commands, it seems that the
configuration I suggested blocks this, even adding "query" to the
192.168.0.0 line:
restrict default notrap nomodify nopeer noquery
restrict 192.168.0.0 mask 255.255.255.0 peer query
so I needed to make it:
restrict default notrap nomodify nopeer query
restrict 192.168.0.0 mask 255.255.255.0 peer
Perhaps I did something wrong?
These systems are unlikely to be connected as Internet-facing servers,
so it more a learning exercise for me, but I need to know what to
recommend to others.
--
Cheers,
David
Web: http://www.satsignal.eu
More information about the questions
mailing list