William G. Unruh __| Canadian Institute for|____ Tel: +1(604)822-3273
Physics&Astronomy _|___ Advanced Research _|____ Fax: +1(604)822-5324
UBC, Vancouver,BC _|_ Program in Cosmology |____ un...@physics.ubc.ca
Canada V6T 1Z1 ____|____ and Gravity ______|_ www.theory.physics.ubc.ca/

On Mon, 24 Jul 2017, Parker, Michael D. wrote:


The chrony allow directive allows the addition of a symbolic hostname in its 
specification. However, I took a leap in entering
the following directive:

allow hostname/16

which failed to do what I expected but no configuration file error was flagged. 
If hostname is 10.10.10.10, my expectation was
that the allow statement would apply to the entire 10.10.x.x network.

That is not how a netmask ever works. If you have IP/n That means you have a
netmask with the first n bits 1 and the rest 0. Another ip passes if
ip AND netmask equals IP. But your example IT has 10.10 as the lower 32-16 bits. and ip AND 255.255.0.0
ALWAYS has the lower 16 bits equal to 0.0 and can never have them equal 10.10

Had you used 10.10.0.0/16 it might well have worked. but 10.10.10.10/16 can
never ever be satisfied by any address.



In this context, apparently the '/16' is ignored. Is there some way that I 
could put basically a symbolic name in the
/etc/chrony.conf file instead of IP numbers in a network context? The 
documentation gives no hint if this is possible.

If the hostnameip AND netmask=hostnameip then it would have a chance. Now I do
not know if chrony accepts  hostname/n as a valid network spec, but it would
have to obey the above if it were to work.

AFAIK.


 

 


Reply via email to