summaryrefslogtreecommitdiffstats
path: root/contrib/ntp/html/accopt.htm
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ntp/html/accopt.htm')
-rw-r--r--contrib/ntp/html/accopt.htm219
1 files changed, 219 insertions, 0 deletions
diff --git a/contrib/ntp/html/accopt.htm b/contrib/ntp/html/accopt.htm
new file mode 100644
index 0000000..d64a0d1
--- /dev/null
+++ b/contrib/ntp/html/accopt.htm
@@ -0,0 +1,219 @@
+<HTML>
+<HEAD>
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+ <META NAME="GENERATOR" CONTENT="Mozilla/4.01 [en] (Win95; I) [Netscape]">
+ <TITLE>Access Control Options
+</TITLE>
+</HEAD>
+<BODY>
+
+<H3>
+Access Control Options</H3>
+
+<HR>
+<H4>
+Access Control Support</H4>
+<TT>ntpd</TT> implements a general purpose address-and-mask based restriction
+list. The list is sorted by address and by mask, and the list is searched
+in this order for matches, with the last match found defining the restriction
+flags associated with the incoming packets. The source address of incoming
+packets is used for the match, with the 32-bit address being and'ed with
+the mask associated with the restriction entry and then compared with the
+entry's address (which has also been and'ed with the mask) to look for
+a match. Additional information and examples can be found in the <A HREF="notes.htm">Notes
+on Configuring NTP and Setting up a NTP Subnet </A>page.
+
+<P>The restriction facility was implemented in conformance with the access
+policies for the original NSFnet backbone time servers. While this facility
+may be otherwise useful for keeping unwanted or broken remote time servers
+from affecting your own, it should not be considered an alternative to
+the standard NTP authentication facility. Source address based restrictions
+are easily circumvented by a determined cracker.
+<H4>
+Access Control Commands</H4>
+
+<DL>
+<DT>
+<TT>restrict <I>numeric_address</I> [mask <I>numeric_mask</I>] [<I>flag</I>]
+[...]</TT></DT>
+
+<DD>
+The <I><TT>numeric_address</TT></I> argument, expressed in dotted-quad
+form, is the address of an host or network. The <I><TT>mask</TT></I> argument,
+also expressed in dotted-quad form, defaults to <TT>255.255.255.255</TT>,
+meaning that the <I><TT>numeric_address</TT></I> is treated as the address
+of an individual host. A default entry (address <TT>0.0.0.0</TT>, mask
+<TT>0.0.0.0</TT>) is always included and, given the sort algorithm, is
+always the first entry in the list. Note that, while <I><TT>numeric_address</TT></I>
+is normally given in dotted-quad format, the text string <TT>default</TT>,
+with no mask option, may be used to indicate the default entry.</DD>
+
+<DD>
+In the current implementation, <I><TT>flag</TT></I> always restricts access,
+i.e., an entry with no flags indicates that free access to the server is
+to be given. The flags are not orthogonal, in that more restrictive flags
+will often make less restrictive ones redundant. The flags can generally
+be classed into two catagories, those which restrict time service and those
+which restrict informational queries and attempts to do run-time reconfiguration
+of the server. One or more of the following flags may be specified:</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DL>
+<DT>
+<TT>ignore</TT></DT>
+
+<DD>
+Ignore all packets from hosts which match this entry. If this flag is specified
+neither queries nor time server polls will be responded to.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>noquery</TT></DT>
+
+<DD>
+Ignore all NTP mode 6 and 7 packets (i.e. information queries and configuration
+requests) from the source. Time service is not affected.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>nomodify</TT></DT>
+
+<DD>
+Ignore all NTP mode 6 and 7 packets which attempt to modify the state of
+the server (i.e. run time reconfiguration). Queries which return information
+are permitted.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>notrap</TT></DT>
+
+<DD>
+Decline to provide mode 6 control message trap service to matching hosts.
+The trap service is a subsystem of the mode 6 control message protocol
+which is intended for use by remote event logging programs.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>lowpriotrap</TT></DT>
+
+<DD>
+Declare traps set by matching hosts to be low priority. The number of traps
+a server can maintain is limited (the current limit is 3). Traps are usually
+assigned on a first come, first served basis, with later trap requestors
+being denied service. This flag modifies the assignment algorithm by allowing
+low priority traps to be overridden by later requests for normal priority
+traps.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>noserve</TT></DT>
+
+<DD>
+Ignore NTP packets whose mode is other than 6 or 7. In effect, time service
+is denied, though queries may still be permitted.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>nopeer</TT></DT>
+
+<DD>
+Provide stateless time service to polling hosts, but do not allocate peer
+memory resources to these hosts even if they otherwise might be considered
+useful as future synchronization partners.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>notrust</TT></DT>
+
+<DD>
+Treat these hosts normally in other respects, but never use them as synchronization
+sources.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>limited</TT></DT>
+
+<DD>
+These hosts are subject to limitation of number of clients from the same
+net. Net in this context refers to the IP notion of net (class A, class
+B, class C, etc.). Only the first <TT>client_limit</TT> hosts that have
+shown up at the server and that have been active during the last <TT>client_limit_period</TT>
+seconds are accepted. Requests from other clients from the same net are
+rejected. Only time request packets are taken into account. Query packets
+sent by the <TT>ntpq</TT> and <TT>ntpdc</TT> programs are not subject to
+these limits. A history of clients is kept using the monitoring capability
+of <TT>ntpd</TT>. Thus, monitoring is always active as long as there is
+a restriction entry with the <TT>limited</TT> flag.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>ntpport</TT></DT>
+
+<DD>
+This is actually a match algorithm modifier, rather than a restriction
+flag. Its presence causes the restriction entry to be matched only if the
+source port in the packet is the standard NTP UDP port (123). Both <TT>ntpport</TT>
+and <TT>non-ntpport</TT> may be specified. The <TT>ntpport</TT> is considered
+more specific and is sorted later in the list.</DD>
+
+<DD>
+&nbsp;</DD>
+</DL>
+
+<DD>
+Default restriction list entries, with the flags <TT>ignore, ntpport</TT>,
+for each of the local host's interface addresses are inserted into the
+table at startup to prevent the server from attempting to synchronize to
+its own time. A default entry is also always present, though if it is otherwise
+unconfigured; no flags are associated with the default entry (i.e., everything
+besides your own NTP server is unrestricted).</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>clientlimit <I>limit</I></TT></DT>
+
+<DD>
+Set the <TT>client_limit</TT> variable, which limits the number of simultaneous
+access-controlled clients. The default value for this variable is 3.</DD>
+
+<DD>
+&nbsp;</DD>
+
+<DT>
+<TT>clientperiod <I>period</I></TT></DT>
+
+<DD>
+Set the <TT>client_limit_period</TT> variable, which specifies the number
+of seconds after which a client is considered inactive and thus no longer
+is counted for client limit restriction. The default value for this variable
+is 3600 seconds.</DD>
+</DL>
+
+<HR>
+<ADDRESS>
+David L. Mills (mills@udel.edu)</ADDRESS>
+
+</BODY>
+</HTML>
OpenPOWER on IntegriCloud