"restrict ignore" is not reversible
Dear Support Team,
There is an issue if an IP address is restricted with "ignore". After that it's not possible to allow this IP without restarting the NTP daemon.
Here an example in a nutshell.
I insert some comments beginning with a //
# ntpq -n ntpq> v ntpsec-0.9.7+509 2017-04-27T03:33:50-0400 ntpq> mru Ctrl-C will stop MRU retrieval and display partial results. lstint avgint rstr r m v count rport remote address =============================================================================== 579 1312 0 . 3 4 328 123 192.168.241.27
// I see 192.168.241.27 can access
// Running on my MacBook which has 192.168.241.27
mayer ~ $ sntp 192.168.241.10
sntp 4.2.9p9@1.3677-o Mon Nov 14 06:51:28 UTC 2016 (124.50.4~22)
2017-05-04 10:09:05.218092 (-0200) +0.00511 +/- 0.022315 192.168.241.10 s2 no-leap
// Now I want to be bad to this cient
ntpq> config restrict 192.168.241.27 ignore
Config Succeeded
// the client runs into a timeout - this is OK
mayer ~ $ sntp 192.168.241.10
sntp 4.2.9p9@1.3677-o Mon Nov 14 06:51:28 UTC 2016 (124.50.4~22)
192.168.241.10 no UCST response after 5 seconds
// 192.168.241.27 doesn't get any time information
// but I want to be nice to him again.
ntpq> config restrict 192.168.241.27
Config Succeeded
// but this client can't still get any time information
Kind regards
Hans
--