Mailinglist Archive: opensuse (982 mails)

[opensuse] Re: ntp default restrict options - seems to block broadcastclient ?
Marcus Meissner wrote:
On Wed, Sep 24, 2014 at 08:22:52AM +0200, Per Jessen wrote:
Are you sure those are the only restrictions?
Some suggest you also need a line to allow management from localhost
and specific server lines for it to query.

server ntp.ubuntu.com

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

restrict 127.0.0.1
restrict ::1
restrict <some-ip-that-y0u-trust> <-------
Right, the complete set is:

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
So make sure your ntp server is not reachable from outside your network if
you use this, or use more fine-grained controls.
My client setup:

broadcastclient
disable auth
----
Somehow, when this came up for me, (call from ISP, "could you stop your NTP
from being a contributor"...)...
I ended up with:

disable monitor
discard 3 1 67 ignore kod noquery nomodify
restrict default ignore kod nomodify notrap noquery
restrict -6 default ignore kod nomodify notrap noquery nopeer
restrict 192.168.3.0 mask 255.255.255.0
restrict 192.168.4.0 mask 255.255.255.0
restrict 127.0.0.1
restrict 173.164.175.66
---
which seemed to satisfy my ISP, but still looks like "Greek" to me...
---
I.e. I wanted my edge server to serve 'time' outside but not be "misused".
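
The restrict lines quoted in this thread can be evaluated per source address. The following is an added example, not part of the original mails: it assumes ntpd applies the most specific matching restrict entry and that a bare "default" covers both IPv4 and IPv6, and the names parse_restrict, effective_flags and exposure are made up here.

```python
import ipaddress

# Constructed sample: the "complete set" of restrict lines quoted in the thread.
SAMPLE = """\
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

def parse_restrict(conf):
    """Return [(network, flags)] for each 'restrict' line of ntp.conf text."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = tok[1:]
        family = tok.pop(0) if tok[0] in ("-4", "-6") else None
        if not tok:
            continue
        addr, mask = tok.pop(0), None
        if len(tok) >= 2 and tok[0] == "mask":
            mask, tok = tok[1], tok[2:]
        if addr == "default":
            # Assumption: a bare "default" covers both families; -4/-6 drop the other one.
            nets = [n for skip, n in (("-6", "0.0.0.0/0"), ("-4", "::/0")) if family != skip]
        else:
            nets = [f"{addr}/{mask}" if mask else addr]
        for n in nets:
            try:
                rules.append((ipaddress.ip_network(n, strict=False), frozenset(tok)))
            except ValueError:
                pass  # hostnames and placeholders are not resolved here
    return rules

def effective_flags(rules, source):
    """Flags of the most specific entry matching source (assumed ntpd behaviour)."""
    ip = ipaddress.ip_address(source)
    hits = [(n.prefixlen, f) for n, f in rules if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0])[1] if hits else frozenset()

def exposure(rules, source):
    flags = effective_flags(rules, source)
    if "ignore" in flags:
        return "dropped"          # all packets denied, time requests included
    if "noquery" in flags:
        return "time-only"        # time served, ntpq/ntpdc queries denied
    return "queries-allowed"      # ntpq/ntpdc queries are answered
```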

