Ron Frazier (NTP) wrote:
> In my research operating ntpd on Windows and Linux, I
> discovered that the default ntp.conf installed by
> Meinberg does not have any access restrictions.
> I think it would be a good idea to add this to your file
> unless you require more liberal access for your LAN, etc.
> This is the default setup for my Ubuntu Linux machines.
>
> # By default, exchange time with everybody, but don't allow configuration.
----------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> restrict -4 default kod notrap nomodify nopeer noquery
> restrict -6 default kod notrap nomodify nopeer noquery
-------------------------------------------------^^^^^^^
> # allow unrestricted access from the localhost (so that you may monitor ntpd
> # and perform on-the-fly configuration changes with ntpdc)
> # Local users may interrogate the ntp server more closely.
> # IPv4
> restrict 127.0.0.1
> # IPv6
> restrict -6 ::1
Unless I misreading the above (somehow),
that would be a client only config,
as it would not permit queries by _any_ other clients.
What about e.g. restrict source nomodify ?
... to avoid issues when configuring servers / pools
where the DNS query may return more than one IP?
--
E-Mail Sent to this address <[email protected]>
will be added to the BlackLists.
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
