But due to another ridiculous way of implementing that, the Juniper KB article suggests to also allow: <router-loopback-address>; and not only your favorite ntp servers...
Because if you don't do it, you'll obtain some nice "Server Timeout" if you want to issue a "show ntp status" or "show ntp associations".

So:
- Junos doesn't use 127.0.0.1 to locally communicate with ntpd
- In your filters you're obliged to manually authorize internal private IP traffic used by the CLI and that doesn't even leave the RE

Another fine design...

--
Olivier

On 14 Jan 2014, at 03:10, John Kristoff <[email protected]> wrote:

> On Tue, 14 Jan 2014 12:38:12 +1100
> Mark Tees <[email protected]> wrote:
>
>> Can we get detailed lo0 filters listed too please?
>
> Hi Mark,
>
> While I'll defer to Juniper for their recommendations, we've had this
> for some time (scroll down to the Juniper section):
>
> <http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html>
_______________________________________________
juniper-nsp mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
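
Added example, not part of the original thread and not taken from the Juniper KB article or the Team Cymru template: an lo0 NTP term that accepts both the configured NTP servers and the router's own loopback address, as the message above describes. The filter name, term name, prefix-list names and all addresses are assumptions made for illustration.

```junos
# Constructed addresses from a documentation range; substitute your own.
set policy-options prefix-list ntp-servers 192.0.2.10/32
set policy-options prefix-list ntp-servers 192.0.2.11/32

# The router's own lo0 address. Per the message above, the CLI talks to the
# local ntpd from this address rather than from 127.0.0.1.
set policy-options prefix-list router-loopback 192.0.2.1/32

# NTP term of the lo0 input filter. If router-loopback is left out of the
# source list, "show ntp status" and "show ntp associations" time out,
# even though that traffic never leaves the RE.
set firewall family inet filter protect-re term ntp from source-prefix-list ntp-servers
set firewall family inet filter protect-re term ntp from source-prefix-list router-loopback
set firewall family inet filter protect-re term ntp from protocol udp
set firewall family inet filter protect-re term ntp from port ntp
set firewall family inet filter protect-re term ntp then accept

# Assumed: protect-re already carries terms for the other traffic the RE
# needs (management, routing protocols) and ends with an explicit discard.
set interfaces lo0 unit 0 family inet filter input protect-re
```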

