> I've been trying all afternoon to figure out how to use "restrict limited" and
> "discard" to get my server (which is participating in pool.ntp.org) to ignore
> abusive users.
>
> My ntp.conf looks similar to:
>
> restrict default kod nomodify notrap nopeer limited
> # Some mailing list message recommended trusting yourself
> restrict 127.0.0.1
> discard
>
> From what I've seen, I thought the "discard" and "restrict limited" options
> should drop clients that hit the server too hard. And yet:
>
> $ sudo tcpdump -n port 123 and host 71.10.124.9
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
> 17:56:26.109620 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
> 17:56:26.109842 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
<and so on>
> What am I missing? What exactly do the "average" and "minimum" options to
> "limited" mean? I think I know, but the wording is a little confusing
> to me.
I think average and minimum are the stats reported by the ntpdc monlist
command for avging and lstint.

Your configuration file looks fine to me. You've probably hit the issue
that has been spoken about many times on this list: ntpd can't do anything
about a client that won't obey KOD packets. The NTP packets are UDP,
so there's no connection session to terminate either. The packets will just
keep coming.

Cheers,
- Joel
_______________________________________________
timekeepers mailing list
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
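
An added example, not part of the original thread: a small Python parser for `tcpdump -n port 123` output like the capture quoted above, reporting each client's request spacing and how many requests the server still answered. The sample capture is constructed with documentation addresses, and the 2 s and 8 s thresholds are assumed values for illustration, not figures from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `tcpdump -n port 123` (documentation addresses).
SAMPLE = """\
12:00:00.000000 IP 192.0.2.10.63008 > 10.0.5.16.123: NTPv4, Client, length 48
12:00:00.000200 IP 10.0.5.16.123 > 192.0.2.10.63008: NTPv4, Server, length 48
12:00:01.000000 IP 192.0.2.10.63008 > 10.0.5.16.123: NTPv4, Client, length 48
12:00:01.000200 IP 10.0.5.16.123 > 192.0.2.10.63008: NTPv4, Server, length 48
12:00:02.000000 IP 192.0.2.10.63008 > 10.0.5.16.123: NTPv4, Client, length 48
12:00:00.500000 IP 198.51.100.7.123 > 10.0.5.16.123: NTPv4, Client, length 48
12:00:00.500200 IP 10.0.5.16.123 > 198.51.100.7.123: NTPv4, Server, length 48
12:01:04.500000 IP 198.51.100.7.123 > 10.0.5.16.123: NTPv4, Client, length 48
12:01:04.500200 IP 10.0.5.16.123 > 198.51.100.7.123: NTPv4, Server, length 48
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): NTPv\d, (\w+),")

def summarize(text, server, min_gap=2.0, avg_gap=8.0):
    """Per-client request spacing and reply counts; gap thresholds are assumed values."""
    requests, replies = defaultdict(list), defaultdict(int)
    for line in text.splitlines():
        m = LINE.match(line.lstrip("> "))  # tolerate mail-quoted captures
        if not m:
            continue
        h, mi, s, src, _, dst, _, mode = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)  # no midnight wrap handling
        if dst == server and mode == "Client":
            requests[src].append(ts)
        elif src == server and mode == "Server":
            replies[dst] += 1
    report = {}
    for client, times in requests.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        lo = min(gaps) if gaps else None
        avg = sum(gaps) / len(gaps) if gaps else None
        report[client] = {
            "requests": len(times), "replies": replies[client],
            "min_gap": lo, "avg_gap": avg,
            # Flag clients polling faster than either assumed threshold.
            "too_fast": bool(gaps) and (lo < min_gap or avg < avg_gap),
        }
    return report

if __name__ == "__main__":
    for client, row in summarize(SAMPLE, "10.0.5.16").items():
        print(client, row)
```

A client flagged `too_fast` whose `replies` count keeps pace with its `requests` is one the server is still answering, which is the situation the capture in the question shows.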