On Thu, Jul 18, 2019 at 10:59:04AM +0200, Rob Janssen wrote:
> The noserve was added for this purpose. According to the documentation this
> should reply with KoD to refused traffic (including time requests due to the
> noserve).
> However, it just drops the requests and sends no reply.
>
> Anyone knowing how to do it? At first I had an "old" ntpd from the
> distributor, but I compiled ntpd 4.2.8p13 from source and it does the same
> thing.
IIRC ntpd removed support for responding with KoD DENY to hosts
matching the "noserve" restriction a long time ago. Probably for a
good reason.
If you want to try it anyway, here is a simple IPv6-only server in
python that does that.
#!/usr/bin/python3
import os, socket
sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
sock.bind(("::", 123))
while True:
request, address = sock.recvfrom(48)
if len(request) < 48 or request[0] & 7 not in (1, 3) or \
(request[0] >> 3) & 7 not in (1, 2, 3, 4):
continue
response = b'\xe4\x00\x0a' + 9 * b'\x00' + b'DENY' + 4 * request[40:48]
try:
sock.sendto(response, address)
except Exception as e:
print(e)
--
Miroslav Lichvar
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
