On 30/01/2017 20:14, Antonio Marcheselli wrote:
Hello all
[First, I am using google groups, in the past I was told it was causing hassle
in terms of formatting but BT have discontinued their news server and I am
unable to find an alternative - apologies if these messages are not properly
formatted.]
I am looking for some advice on the RESTRICT parameter.
My configuration file has the following line in it:
restrict 172.20.0.0 mask 255.255.0.0 notrust noquery nomodify nokod
With the above, a server on 172.20.21.11 was unable to poll the time.
I checked on a working configuration and found the below
restrict 172.20.0.0/16 mask 255.255.0.0 notrust noquery nomodify nokod
but I am concerned that the /16 bit is simply making the whole line void which
would explain why it's then working.
Basically, I need the 'nokod'. For umpteen reasons, I want the NTP server to
never ban any client on the LAN. But I thought that a little restriction would
be good practice too.
Could you please tell me if the /16 is indeed required or whether I have just
made the whole line void?
Thanks for your help!
Antonio,
For a free text-only news server, try Eternal September:
https://www.eternal-september.org/
although it seems its security certificate might not be correct.
I'm confused by NTP's restrict lines, but I was advised that these allow
LAN-only access:
# Suggestions for NTP restrictions (accepting ntpq commands from the LAN):
restrict source notrap nomodify nopeer
restrict 127.0.0.1
restrict ::1
restrict 192.168.0.0 mask 255.255.255.0
Perhaps that helps?
--
Cheers,
David
Web: http://www.satsignal.eu
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
