Carlos E. R. wrote:
On 2016-03-17 10:59, Per Jessen wrote:
Carlos E. R. wrote:
This is the full config paragraph:
[snip]
# By default, exchange time with everybody, but don't allow # configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1
# Clients from this (example!) subnet have unlimited access, but # only if cryptographically authenticated. restrict 192.168.1.0 mask 255.255.255.0 notrust
I understand it allows access to clients :-?
If I read it correctly, it says that this client will only accept time information from 192.168.1.0 when it's authenticated. Authenticated = both server and client use the same key.
No, I understand it allows time exchange without authentication with anybody in the world, and admin access on the LAN with authentication.
Unless the rule:
restrict -4 default kod notrap nomodify nopeer noquery
That one sets the default restrictions for IPv4.
is negated by the later rule:
restrict 192.168.1.0 mask 255.255.255.0 notrust
Not negated, but it overrides your default. -- Per Jessen, Zürich (11.3°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org