"restrict ignore" is not reversible

Dear Support Team,

There is an issue if an IP address is restricted with "ignore". After that it's not possible to allow this IP without restarting the NTP daemon.

Here an example in a nutshell.
I insert some comments beginning with a //

# ntpq -n
ntpq> v
ntpsec-0.9.7+509 2017-04-27T03:33:50-0400
ntpq> mru
Ctrl-C will stop MRU retrieval and display partial results.
 lstint avgint rstr r m v  count rport remote address
===============================================================================
    579   1312    0 . 3 4    328   123 192.168.241.27

// I see 192.168.241.27 can access
// Running on my MacBook which has 192.168.241.27

mayer ~ $ sntp 192.168.241.10 
sntp 4.2.9p9@1.3677-o Mon Nov 14 06:51:28 UTC 2016 (124.50.4~22)
2017-05-04 10:09:05.218092 (-0200) +0.00511 +/- 0.022315 192.168.241.10 s2 no-leap

// Now I want to be bad to this cient

ntpq> config restrict 192.168.241.27 ignore
Config Succeeded

// the client runs into a timeout - this is OK

mayer ~ $ sntp 192.168.241.10 
sntp 4.2.9p9@1.3677-o Mon Nov 14 06:51:28 UTC 2016 (124.50.4~22)
192.168.241.10 no UCST response after 5 seconds

// 192.168.241.27 doesn't get any time information
// but I want to be nice to him again.

ntpq> config restrict 192.168.241.27
Config Succeeded

// but this client can't still get any time information

Kind regards
Hans

--