CentOS - Dec 2016 - chronyd configuration as a local ntp server

This is for centos 7 that has chronyd 2.1.1

I am looking into how to use chronyd as my local ntp server.

On my old servers with ntpd I had local access control lines like:

restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap


But in looking for documentation on chronyd I did not find anything on 
this at:

https://chrony.tuxfamily.org/doc/2.1/manual.html

In the actual /etc/chronyd.conf there is the sample line:

# Allow NTP client access from local network.
#allow 192.168/16

Does this allow only allow queries?  Does chronyd support the 'restrict'
option?

thank you

On Mon, Dec 26, 2016 at 11:04:22PM -0500, Robert Moskowitz
wrote:
> This is for centos 7 that has chronyd 2.1.1
> 
> I am looking into how to use chronyd as my local ntp server.
> 
> On my old servers with ntpd I had local access control lines like:
> 
> restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap
> 
> 
> But in looking for documentation on chronyd I did not find anything
> on this at:
> 
> https://chrony.tuxfamily.org/doc/2.1/manual.html
> 
> In the actual /etc/chronyd.conf there is the sample line:
> 
> # Allow NTP client access from local network.
> #allow 192.168/16
> 
> Does this allow only allow queries?  Does chronyd support the
> 'restrict' option?
Robert:

Years back I used to use Chrony for that  purpose (when I was running
Smoothwall on an old PC instead of a commercial router, as I am now)
and it did the job remarkably well.

One of the designgoals of Chrony was to support networks or computers
that are NOT connected full-time, so that time stayed somewhere near
correct even if offline for hours or days.

But that having been so long ago, now, I don't remember the details.

I also don't remember what the "restrict" directive for ntpd does.

(to give you an idea of how long ago that was it was when I had a Red Hat
7.2 or 7.3 workstation as my home PC--pre-RHEL. I could compile things on
that RH box, tar up the necessary results and take that file to the
smoothwall box and untar them and with small configuration: voila!)

there used to be a chrony mailing list where one could ask such questions,
but I haven't seen traffic on it in years, so it may no longer exist.

Fred
-- 
-------------------------------------------------------------------------------
    Under no circumstances will I ever purchase anything offered to me as
    the result of an unsolicited e-mail message. Nor will I forward chain
    letters, petitions, mass mailings, or virus warnings to large numbers
    of others. This is my contribution to the survival of the online
    community.
 --Roger Ebert, December, 1996
----------------------------- The Boulder Pledge -----------------------------

AFAIK the only thing needed to make your host an NTP server using chrony 
is to set the allow line to the network address in CIDR format of the 
network you want to be served, and uncomment it. The restart chronyd. 
You also need to ensure that port 123 (NTP) is open to your internal 
network on your filrewall.

I have a CentOS 6 box that is an NTP server for my network. CentOS 7 
works the same way.


On 12/27/2016 08:25 AM, Fred Smith wrote:
> On Mon, Dec 26, 2016 at 11:04:22PM -0500, Robert Moskowitz wrote:
>> This is for centos 7 that has chronyd 2.1.1
>>
>> I am looking into how to use chronyd as my local ntp server.
>>
>> On my old servers with ntpd I had local access control lines like:
>>
>> restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap
>>
>>
>> But in looking for documentation on chronyd I did not find anything
>> on this at:
>>
>> https://chrony.tuxfamily.org/doc/2.1/manual.html
>>
>> In the actual /etc/chronyd.conf there is the sample line:
>>
>> # Allow NTP client access from local network.
>> #allow 192.168/16
>>
>> Does this allow only allow queries?  Does chronyd support the
>> 'restrict' option?
> Robert:
>
> Years back I used to use Chrony for that  purpose (when I was running
> Smoothwall on an old PC instead of a commercial router, as I am now)
> and it did the job remarkably well.
>
> One of the designgoals of Chrony was to support networks or computers
> that are NOT connected full-time, so that time stayed somewhere near
> correct even if offline for hours or days.
>
> But that having been so long ago, now, I don't remember the details.
>
> I also don't remember what the "restrict" directive for ntpd
does.
>
> (to give you an idea of how long ago that was it was when I had a Red Hat
> 7.2 or 7.3 workstation as my home PC--pre-RHEL. I could compile things on
> that RH box, tar up the necessary results and take that file to the
> smoothwall box and untar them and with small configuration: voila!)
>
> there used to be a chrony mailing list where one could ask such questions,
> but I haven't seen traffic on it in years, so it may no longer exist.
>
> Fred
-- 


*********************************************************
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678

dboth at millennium-technology.com

www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not consent to the
retrieving or storing of this communication and any related metadata, as well as
printing, copying, re-transmitting, disseminating, or otherwise using it. If you
believe you have received this communication in error, please delete it
immediately.