[EMAIL PROTECTED] wrote:
> Steve Kostecke wrote:
>
>>On 2007-01-16, Gushi <[EMAIL PROTECTED]> wrote:
>>
>>>restrict default ignore
>>>restrict 127.0.0.1
>>>server 0.us.pool.ntp.org
>>>server 1.us.pool.ntp.org
>>>server 2.us.pool.ntp.org
>>
>>This won't work at all. You've told ntpd to ignore all NTP packets from
>>any possible source. And you've not told it to accept NTP packets from
>>your time servers.
>>
>>Please read http://ntp.isc.org/Support/AccessRestrictions and follow the
>>"decision tree" for setting your default restriction.
>
> Maybe someone can educate me (and Steve you've done a good job at this
> in the past), but I see the "I've restricted even the servers I
> specified from telling me what time it is" question come up regularly
> in these discussions. Is there some website, or some old set of man
> pages, or some popular book, or something out there that causes this
> same question to occur over and over and over again?
>
> Tim.
>
I think it's just the documentation and the way people treat it. They
read just enough to find out how to write a restrict statement or they
copy all the restrict statements from several examples.

The documentation DOES explain what these statements do. It DOES give
some advice on how to do it right.

People come from the Windoze world with the idea that "I've got to lock
this down so no one, anywhere, can hack it." Of course they're in a
hurry to get it working. . . .

It doesn't help that the semantics of "restrict notrust" changed between
4.0 and 4.1. It would have been far better to introduce a new keyword.

I never had a problem with restrict statements, but I read and understood
the documentation before I wrote my first one.
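A small lint for the mistake discussed in this thread, added here as an example and not part of the original messages: it lists every `server` whose most specific `restrict` entry carries `ignore`. It assumes a restrict target written with the same text as a server names the same host, and it does not resolve host names; `PARTIAL` and `RELAXED` are constructed samples using documentation addresses.

```python
import ipaddress

def parse(conf):
    servers, restricts = [], []
    for raw in conf.splitlines():
        tok = [t for t in raw.split("#", 1)[0].split() if t not in ("-4", "-6")]
        if len(tok) >= 2 and tok[0] == "server":
            servers.append(tok[1])
        elif len(tok) >= 2 and tok[0] == "restrict":
            mask, flags = None, tok[2:]
            if len(flags) >= 2 and flags[0] == "mask":
                mask, flags = flags[1], flags[2:]
            restricts.append((tok[1], mask, set(flags)))
    return servers, restricts

def specificity(target, mask, server):
    """Prefix length when the restrict entry covers server, else -1."""
    if target == "default":
        return 0
    if target == server:
        return 129  # assumption: identical text means the same host
    try:
        net = ipaddress.ip_network(target if mask is None else f"{target}/{mask}", strict=False)
        return net.prefixlen if ipaddress.ip_address(server) in net else -1
    except ValueError:  # host name: cannot be compared without resolving it
        return -1

def ignored_servers(conf):
    """Servers whose most specific restrict entry carries 'ignore'."""
    servers, restricts = parse(conf)
    blocked = []
    for s in servers:
        scored = [(specificity(t, m, s), f) for t, m, f in restricts]
        best = max(scored, key=lambda x: x[0], default=(-1, set()))
        if best[0] >= 0 and "ignore" in best[1]:
            blocked.append(s)
    return blocked

# POSTED is the configuration quoted in the thread; PARTIAL and RELAXED are constructed.
POSTED = """restrict default ignore
restrict 127.0.0.1
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org"""
PARTIAL = """restrict default ignore
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap noquery
server 192.0.2.10
server 198.51.100.7"""
RELAXED = "restrict default kod nomodify notrap nopeer noquery\nserver 0.us.pool.ntp.org"
```

`ignored_servers(POSTED)` returns all three pool servers, `PARTIAL` flags only the server outside the permitted network, and `RELAXED` flags none.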
