在Linux系统下NTP的标准配置中,许多关于同步的方式不同,注意以下要点:
如果不想让其它任何服务器访问本机的NTP服务:此配置也将造成本地的NTP无法访问外部的NTP服务:
If you want to deny all machines from accessing your NTP server, add the following line to /etc/ntp.conf:
restrict default ignore
如果允许本地的服务器访问本机的NTP服务,配置如下:
If you only want to allow machines within your own network to synchronize their clocks with your server, but ensure they are not allowed to configure the server or used as peers to synchronize against, add
restrict 192.168.1.0 mask 255.255.255.0 nomodify(限制修改) notrap(限制trap) noquery(限制查询) 注:应当解除noquery
其中default为0.0.0.0/0
restrict default nomodify notrap
有些情况下,除非取消notrust/nomodify/notrap配置,client段的ntp服务才能有效工作。