On Mon, 31 Jul 2023 at 16:39, Edward McGuire <[email protected]> wrote:
> On Friday, July 28, 2023 at 9:48:35 PM UTC, Dave Hart wrote: > > You can do the equivalent using ntpq's remote configuration command > ":config". > > ntpq -c "keyid 99" -c "passwd myntpqpasswd" -c ":config restrict > 10.11.12.13" > > That's not quite what I'm asking about. > On my system, your example does not delete an access control entry. > It adds an access control entry for 10.11.12.13, with no flags set -- or > updates an existing entry, if present: > > $ ntpq -n -c 'keyid 99' -c 'passwd' -c ':config restrict > 10.11.12.13' > MD5 Password: > Config Succeeded > $ ntpdc -n -c 'keyid 99' -c 'passwd' -c 'reslist' | grep > 10.11.12.13 > MD5 Password: > 10.11.12.13 255.255.255.255 0 none > $ > > It is a useful thing to do when the "default" entry has restrictive flags > set. > It punches a hole for a trusted host. > > But later, when you want to patch that hole, that's where "delrestrict" > comes in. > It drops the access control entry, letting the "default" entry take over. > Good point, Edward. Please open a report at https://bugs.ntp.org and we'll make a "delrestrict" verb for ntpq. Cheers, Dave Hart
