[ntp:questions] Restrict statements and the "pool" directive

David Taylor david-taylor at blueyonder.co.uk.invalid
Sun Dec 21 14:19:10 UTC 2014


On 21/12/2014 11:17, Terje Mathisen wrote:
[]
> 'restrict source' is the proper way to do it, as long as you have a
> version which supports that command.
>
> Terje

Thanks, Rob & Terje, that did the job.  Almost!

The except was that if you have a local node defined as a server, and 
you want that node to be able to issue ntpq commands, it seems that the 
configuration I suggested blocks this, even adding "query" to the 
192.168.0.0 line:

restrict default notrap nomodify nopeer noquery
restrict 192.168.0.0 mask 255.255.255.0 peer query

so I needed to make it:

restrict default notrap nomodify nopeer query
restrict 192.168.0.0 mask 255.255.255.0 peer

Perhaps I did something wrong?

These systems are unlikely to be connected as Internet-facing servers, 
so it more a learning exercise for me, but I need to know what to 
recommend to others.
-- 
Cheers,
David
Web: http://www.satsignal.eu



More information about the questions mailing list