On 2015-01-19, David Taylor <[email protected]> wrote: > It's me, not you, but with the following statements in ntp.conf: > > restrict source notrap nomodify nopeer query > restrict 127.0.0.1 > restrict ::1 > restrict 192.168.0.0 mask 255.255.255.0 peer > > I get errors flagged at the points marked with "X" below:
And where did you get either query or peer as possible options? If you do NOT mention something it is allowed. If you want to allow queries from anywhere, simply do not mention noquery. (Yes, it is an ass backwards apparent double negative) So without noquery ( and certainly without the non-esictant option query) the first ine would allow queries from anywhere. The second would allow anything from localhost, the third the same in ipv6 talk, and the fourth would allow anything from that address range. > > restrict source notrap nomodify nopeer Xquery > restrict 192.168.0.0 mask 255.255.255.0 Xpeer > > My intention was: > > - not allow external access, except for using external nodes as servers, > just as if I only had Internet sources. These do not restrict your access to external stuff, it restricts external access to your system. You want noquery in there. Yes, you are being fooled by the stupid apparent double negative. Restrict ... noquery, does not mean "do not allow noqueries-- ie allow queries" It means "place restrictions on that addreess, and the restriction is to allow no queries. The second line means place restrictions on locahost, and those restrictions are none (ie no restrictions). At least that is how I understand it, and it could well be wrong. > > - to allow full access to any PC on 192.168.0. so that the PC could use > the server as a client, and issue ntpq commands against it, in > particular: ntpq -crv and ntpq -pn So get rid of the "peer" > > I've tried reading the documentation, but it has failed to enlighten me > sufficiently! You just have to stand on your head and wave your feet around vigourously, and all will be clear! > _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
