Dave Morgan <[email protected]> wrote: >> Yes I have the now default "restrict" lines, to remedy the DDOS problem. >> There are no specific restrict lines for my other servers. >> Do I need a specific one for the pool directive? > > add a 'source' restrict line ? > > excerpts from my ntp.conf > > pool 0.uk.pool.ntp.org iburst preempt > > # By default, exchange time with everybody, but don't allow configuration. > restrict default kod limited nomodify notrap nopeer noquery > restrict -6 default kod limited nomodify notrap nopeer noquery > restrict source limited nomodify notrap > > # Local users may interrogate the ntp server more closely. > restrict localhost > restrict 127.0.0.1 > restrict ::1 > > best regards > Dave
Ok but why do I need to remove the "nopeer" and "noquery" restrictions for a pool member? This does not appear to be necessary for a "server". Or is there some implicit restrict line for a server that is not there for a pool member? (it was my impression that "noquery" limits status queries, not time queries, and that "nopeer" is affecting only "peer" directives) _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
