Niki Kovacs wrote:
David Lord wrote:
# servers previous to July 2010 had: restrict default noquery
# but now to reduce number of sites sending too frequent polls
restrict default kod nomodify notrap nopeer
# for local public lan segments
restrict a.b.c.d mask 255.255.255.0
restrict e.f.g.h mask 255.255.255.0
# for private lan segments
restrict s.t.u.v mask 255.255.255.0
restrict w.x.y.z mask 255.255.255.0
# for localhost
restrict 127.0.0.1
restrict -6 ::1 # only if ipv6 enabled

Servers have NTP traffic restricted by firewall rules and
in addition clients are behind NAT.

Client PCs (including laptops when used remotely) are pointed to
my own servers. I think some have the same restrict lines as the
servers and others may have the minimum:

restrict default noquery
restrict 127.0.0.1
restrict -6 ::1 # only if ipv6 enabled

Oh wow. Thanks very much for that detailed explanation. I'll try it out
this afternoon.

The above server configuration is the same as I use, but it is open
to public access if you aren't firewalled or behind NAT.
Your 'restrict default ignore' for the server config could be a
safer option if you are open to the internet. I made use of
the firewall default deny for incoming connections up until
adding rules to allow NTP requests some weeks before I
joined the pool. I didn't notice any incoming requests other
than from my own remote connections during the few weeks'
period before my IPs were added to the pool DNS rotation.

David
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
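
An added example, not part of the original posts: a small audit helper that resolves which restrict flags ntpd would apply to a given client address (the most specific matching entry wins) and whether that client's ntpq/ntpdc queries would be answered. The function names are hypothetical, the addresses in the sample are constructed stand-ins for the a.b.c.d placeholders in the thread, and it assumes IPv4 dotted masks and that an unqualified `restrict default` covers both address families.

```python
import ipaddress

# Constructed ntp.conf fragment: the server layout from the thread, with the
# placeholder segments replaced by documentation (192.0.2.0) and private ranges.
SAMPLE_CONF = """\
restrict default kod nomodify notrap nopeer
restrict 192.0.2.0 mask 255.255.255.0    # stands in for a public LAN segment
restrict 10.0.0.0 mask 255.255.255.0     # stands in for a private LAN segment
restrict 127.0.0.1
restrict -6 ::1
"""

def parse_restrict(conf):
    """Return (network, flags) for every restrict line in an ntp.conf text."""
    rules = []
    for line in conf.splitlines():
        args = line.split("#", 1)[0].split()
        if len(args) < 2 or args[0] != "restrict":
            continue
        args, family = args[1:], None
        if args[0] in ("-4", "-6"):
            family, args = int(args[0][1]), args[1:]
        addr, flags = args[0], args[1:]
        if addr == "default":
            nets = [ipaddress.ip_network(n) for n in ("0.0.0.0/0", "::/0")]
            nets = [n for n in nets if family in (None, n.version)]
        elif flags[:1] == ["mask"]:
            nets = [ipaddress.ip_network(f"{addr}/{flags[1]}", strict=False)]
            flags = flags[2:]
        else:
            nets = [ipaddress.ip_network(addr)]  # no mask: a single host
        rules += [(n, frozenset(flags)) for n in nets]
    return rules

def effective_flags(rules, client):
    """Flags of the most specific restrict entry that covers the client."""
    ip = ipaddress.ip_address(client)
    hits = [(n, f) for n, f in rules if n.version == ip.version and ip in n]
    if not hits:
        return frozenset()  # no entry matches: nothing is restricted
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def answers_queries(flags):
    """True when ntpq/ntpdc (mode 6/7) queries from this source are answered."""
    return not ({"ignore", "noquery"} & flags)
```

Run against a live ntp.conf, `answers_queries(effective_flags(rules, addr))` for an outside address shows at a glance whether the default entry leaves the query interface reachable when no firewall is in front of the server.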