[EMAIL PROTECTED] wrote: > I'm looking at the documentation, subsection "Access Control Commands," > section "Access Control Options," at URL > http://www.eecis.udel.edu/~mills/ntp/html/accopt.html#cmd > > The doc states "The flags are not orthogonal, in that more restrictive > flags will often make less restrictive ones redundant." And then > > "noquery[:] Deny ntpq and ntpdc queries. Time service is not affected." > > "nomodify[:] Deny ntpq and ntpdc queries which attempt to modify the > state of the server (i.e., run time reconfiguration). Queries which > return information are permitted." > > A naive reading would indicate that noquery is stricter than nomodify, > hence if one has noquery, nomodify is redundant. >
It is redundant. In the case of noquery, the packet gets dropped. In the case of nomodify it accepts the packet from ntpdc but does not allow requests to make changes to be made to the configuration. > That, however, is contradicted by numerous examples on the web and > usenet. The examples aren't a contradiction, merely redundant as was commented above. Never assume that examples available on the net are correct or even useful. Without knowing what the specific examples are that you are asking about it's hard to comment further. > > So is the naive reading incorrect? No. Danny _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
