Carlos E. R. [18.03.2016 10:27]:
On 2016-03-17 16:22, Per Jessen wrote:
Carlos E. R. wrote:
Unless the rule:
restrict -4 default kod notrap nomodify nopeer noquery
That one sets the default restrictions for IPv4.
is negated by the later rule:
restrict 192.168.1.0 mask 255.255.255.0 notrust
Not negated, but it overrides your default.
Yes, I had to disable that line, and now my ntp server is working correctly:
Telcontar:~ # rcntp status remote refid st t when poll reach delay offset jitter ============================================================================== LOCAL(0) .LOCL. 10 l 52 64 1 0.000 0.000 0.002 *AmonLanc.valino 37.187.56.220 3 u 41 64 1 0.269 0.027 0.013 <=== hora.ngn.rima-t 172.20.47.7 5 u 50 64 1 14.781 -7.252 0.002 ntp.redimadrid. 193.147.107.33 2 u 49 64 1 18.979 1.641 0.002 de1.ntp.trinler 36.224.68.195 2 u 48 64 1 53.385 1.676 0.002 i2t15.i2t.ehu.e .GPS. 1 u 47 64 1 34.798 1.761 0.002
....
That rule I had is default in the ntp config. It is absurd to disable local time queries for non authenticated clients on the local LAN, when any client on the whole internet has access.
I should have to check what is the default on Leap, and then perhaps report a bug.
The default in Leap is "By default, exchange time with everybody, but don't allow configuration." and "Local users may interrogate the ntp server more closely.". The line "restrict ... notrust" is a comment only and is meant as an example. And there is also the section # Access control configuration; see /usr/share/doc/packages/ntp/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. I don't see a reason to file a bug. The restriction that caused the malfunction was delivered as a comment. Werner -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org