On Wed, Sep 24, 2014 at 08:22:52AM +0200, Per Jessen wrote:
John Andersen wrote:
On 9/23/2014 10:23 AM, Per Jessen wrote:
The current openSUSE packaged NTP config contains the following:
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
When they're enabled, ntp doesn't sync to my broadcast. Only when I comment them out does it work.
Which one of "default kod notrap nomodify nopeer noquery" is preventing my broadcast sync?
thanks Per
Are you sure those are the only restrictions? Some suggest you also need a line to allow management from localhost and specific server lines for it to query.
server ntp.ubuntu.com
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict <some-ip-that-y0u-trust> <-------
Right, the complete set is:
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
Through trial and error I was able to determine that my broadcast worked when I commented out the two top ones.
This will re-enable the remote denial of service amplification possibility against your machine if reachable from the outside world.
http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launchin...
So make sure your ntp server is not reachable from outside your network if you use this, or use more fine-grained controls.
My client setup:
broadcastclient
disable auth
Ciao, Marcus
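A check for the trade-off discussed in this thread, added here as an example and not part of any poster's message: it parses `restrict` lines and reports when a default entry lacks `noquery` (the amplification exposure) and when a `nopeer` default leaves a `broadcastclient` without an exception, since `nopeer` is the flag that denies unauthenticated broadcast packets. The function names, the 192.0.2.0/24 subnet and the treatment of a bare `default` as covering both address families are assumptions.

```python
# Added example: audit ntp.conf 'restrict' lines. Sample configs are constructed.
LOOPBACK = {"127.0.0.1", "::1"}

def parse(text):
    """Return (default flags per family, [(addr, flags)], broadcastclient set?)."""
    defaults, specific, bclient = {}, [], False
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments
        if tok[:1] == ["broadcastclient"]:
            bclient = True
        if tok[:1] != ["restrict"]:
            continue
        args = tok[1:]
        # Assumption: a bare 'default' (no -4/-6) covers both address families.
        fams = (4, 6)
        if args[:1] in (["-4"], ["-6"]):
            fams, args = (int(args[0][1]),), args[1:]
        if not args:
            continue
        addr, rest = args[0], args[1:]
        if rest[:1] == ["mask"]:  # skip 'mask <netmask>'
            rest = rest[2:]
        if addr == "default":
            defaults.update({f: set(rest) for f in fams})
        else:
            specific.append((addr, set(rest)))
    return defaults, specific, bclient

def audit(text):
    """Return findings (strings) for an ntp.conf given as text."""
    defaults, specific, bclient = parse(text)
    findings = []
    for fam in (4, 6):
        # No default entry at all means no restrictions for that family.
        if "noquery" not in defaults.get(fam, set()):
            findings.append(f"IPv{fam}: default lacks noquery, any source may query")
    # nopeer denies unauthenticated packets that would mobilise an association,
    # broadcast included, so a broadcast client needs a narrower exception.
    if bclient and any("nopeer" in fl for fl in defaults.values()):
        if not any(a not in LOOPBACK and "nopeer" not in fl for a, fl in specific):
            findings.append("broadcastclient: nopeer default, no exception for the server")
    return findings

# Constructed sample: the packaged restrictions plus the client setup from the thread.
PACKAGED = ("restrict -4 default kod notrap nomodify nopeer noquery\n"
            "restrict -6 default kod notrap nomodify nopeer noquery\n"
            "restrict 127.0.0.1\nrestrict ::1\nbroadcastclient\ndisable auth\n")
# Assumption: 192.0.2.0/24 stands in for the LAN that carries the broadcasts.
FIXED = PACKAGED + "restrict 192.0.2.0 mask 255.255.255.0 kod notrap nomodify noquery\n"
```

`audit(PACKAGED)` reports only the broadcast finding, commenting out the two default lines trades it for the two `noquery` findings, and `audit(FIXED)` is empty because the defaults stay in place and only the trusted subnet loses `nopeer`.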