[ntp:questions] NTP on small 100% Linux LAN : reasonable access control policy ?

Danny Mayer mayer at ntp.org
Mon Aug 2 04:02:09 UTC 2010


On 8/1/2010 11:24 AM, Niki Kovacs wrote:
> I experimented for a few hours with a local "sandbox" network, and
> here's the configuration I finally found out.
> 
> Server (192.168.1.2 = bernadette):
> 
> --8<---- /etc/ntp.conf ----------------
> 
> driftfile /var/lib/ntp/drift
> logfile /var/log/ntp.log
> 
> server 0.fr.pool.ntp.org
> server 1.fr.pool.ntp.org
> server 2.fr.pool.ntp.org
> server 3.fr.pool.ntp.org
> 
> restrict default kod nomodify notrap nopeer
> restrict 127.0.0.1
> restrict 192.168.1.0 mask 255.255.255.0
> 
> --8<-----------------------------------
> 
> 
> Client (192.168.1.3 = raymonde):
> 
> --8<---- /etc/ntp.conf ----------------
> 
> driftfile /var/lib/ntp/drift
> logfile /var/log/ntp.log
> 
> server bernadette
> 
> restrict default ignore
> restrict 127.0.0.1
> restrict bernadette
> 
> --8<-----------------------------------
> 
> If I understand correctly, the whole setup works OK as soon as ntpq -p
> shows me a list of servers, and at least one of them has a little * star
> in front of the line (which can take a few minutes to appear).
> 
> I'm open for suggestions if there's something wrong with my setup.
> 
> Cheers from the sunny South of France,
> 
> Niki

Having read through this thread I still haven't found any explanation
for why you are doing this in the first place. Can you say what it is
you are trying to accomplish and why? You can get much better advice if
you tell us this. Otherwise you may not need restrict statements at all.

Danny
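
To see what the server's three restrict lines quoted above actually permit, this added example (not part of the original thread, and not ntpd's own code) models how ntpd picks the single most specific matching restrict entry for a source address. The function names and the sample source addresses are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress

# restrict lines copied from the server's quoted /etc/ntp.conf
SERVER_CONF = """\
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0
"""

def parse_restricts(conf):
    """Return [(IPv4Network, flags)] for each IPv4 'restrict' line."""
    entries = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        if addr == "default":
            cidr = "0.0.0.0/0"
        elif rest[:1] == ["mask"] and len(rest) >= 2:
            cidr, rest = f"{addr}/{rest[1]}", rest[2:]
        else:
            cidr = f"{addr}/32"          # no mask: single host
        entries.append((ipaddress.ip_network(cidr, strict=False), frozenset(rest)))
    return entries

def effective_flags(entries, source):
    """Flags of the most specific matching entry; entries are not merged."""
    ip = ipaddress.ip_address(source)
    hits = [(net.prefixlen, flags) for net, flags in entries if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else frozenset()

def allowed(flags):
    """What the restrict list alone still lets a source do.
    'modify' requests must additionally be authenticated before ntpd acts on them."""
    return {
        "time":   not flags & {"ignore", "noserve"},
        "query":  not flags & {"ignore", "noquery"},
        "modify": not flags & {"ignore", "noquery", "nomodify"},
    }

if __name__ == "__main__":
    entries = parse_restricts(SERVER_CONF)
    # Constructed sample sources: loopback, the LAN client, an off-LAN host.
    for src in ("127.0.0.1", "192.168.1.3", "203.0.113.7"):
        flags = effective_flags(entries, src)
        print(src, sorted(flags) or "(no restrictions)", allowed(flags))
```

Run against this configuration, the LAN and loopback entries carry no flags at all, while any other source falls through to the default entry, which blocks modification but still answers time requests and ntpq-style queries because it has no `noquery`.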


