On Friday, July 28, 2023 at 9:48:35 PM UTC, Dave Hart wrote:
> You can do the equivalent using ntpq's remote configuration command ":config".
> ntpq -c "keyid 99" -c "passwd myntpqpasswd" -c ":config restrict 10.11.12.13"
That's not quite what I'm asking about.
On my system, your example does not delete an access control entry.
It adds an access control entry for 10.11.12.13, with no flags set -- or
updates an existing entry, if present:
$ ntpq -n -c 'keyid 99' -c 'passwd' -c ':config restrict 10.11.12.13'
MD5 Password:
Config Succeeded
$ ntpdc -n -c 'keyid 99' -c 'passwd' -c 'reslist' | grep 10.11.12.13
MD5 Password:
10.11.12.13 255.255.255.255 0 none
$
It is a useful thing to do when the "default" entry has restrictive flags set.
It punches a hole for a trusted host.
But later, when you want to patch that hole, that's where "delrestrict" comes
in.
It drops the access control entry, letting the "default" entry take over.
$ ntpdc -n -c 'keyid 99' -c 'passwd' -c 'delrestrict 10.11.12.13
255.255.255.255'
MD5 Password:
done!
$ ntpdc -n -c 'keyid 2' -c 'passwd' -c 'reslist' | grep 10.11.12.13
MD5 Password:
$
Deleting an access control entry (not: adding a no-flags entry) is what I'm
trying to find equivalent functionality for in ntpq.
Cheers!
Edward
--
This is questions@lists.ntp.org
Subscribe: questions+subscr...@lists.ntp.org
Unsubscribe: questions+unsubscr...@lists.ntp.org
