Niki Kovacs <mic...@mouse.com> wrote: > If I understand correctly, things can be done in a manner similar to > iptables. > > 1) First block off everything with 'restrict default ignore'. > > 2) Then allow localhost to use NTP in an unlimited way with 'restrict > 127.0.0.1'. > > 3) Then allow only what has to be allowed specifically.
There is no need to do that. The time service is not something valuable that you want to keep all others away from. Just allow everyone to sync from your server, and unless you start advertising your service you will have no problem at all. restrict default nomodify nopeer notrap restrict 127.0.0.1 _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions