OK, The point was that I was hoping that there was some way of using a symbolic network name and variable netmask (CIDR) instead of hard coding raw IP addresses in an allow statement.
Any ideas on how this could be done in a chrony.conf file? Thanks.... -----Original Message----- From: Bill Unruh [mailto:un...@physics.ubc.ca] Sent: Monday, July 24, 2017 2:06 PM To: email@example.com Subject: -EXT-Re: [chrony-users] Using symbolic network names in /etc/chrony.conf file? William G. Unruh __| Canadian Institute for|____ Tel: +1(604)822-3273 Physics&Astronomy _|___ Advanced Research _|____ Fax: +1(604)822-5324 UBC, Vancouver,BC _|_ Program in Cosmology |____ un...@physics.ubc.ca Canada V6T 1Z1 ____|____ and Gravity ______|_ www.theory.physics.ubc.ca/ On Mon, 24 Jul 2017, Parker, Michael D. wrote: > > The chrony allow directive allows the addition of a symbolic hostname > in its specification. However, I took a leap in entering the following directive: > > allow hostname/16 > > which failed to do what I expected but no configuration file error was > flagged. If hostname is 10.10.10.10, my expectation was that the allow statement would apply to the entire 10.10.x.x network. That is not how a netmask ever works. If you have IP/n That means you have a netmask with the first n bits 1 and the rest 0. Another ip passes if ip AND netmask equals IP. But your example IT has 10.10 as the lower 32-16 bits. and ip AND 255.255.0.0 ALWAYS has the lower 16 bits equal to 0.0 and can never have them equal 10.10 Had you used 10.10.0.0/16 it might well have worked. but 10.10.10.10/16 can never ever be satisfied by any address. > > In this context, apparently the '/16' is ignored. Is there some way > that I could put basically a symbolic name in the /etc/chrony.conf file instead of IP numbers in a network context? The documentation gives no hint if this is possible. > If the hostnameip AND netmask=hostnameip then it would have a chance. Now I do not know if chrony accepts hostname/n as a valid network spec, but it would have to obey the above if it were to work. AFAIK. > > > > > >
Description: S/MIME cryptographic signature