Ferdinand Goldmann <ferdinand.goldm...@jku.at> writes: > Dag-Erling Smørgrav <d...@des.no> writes: > > Doesn't "restrict noquery" block monlist in 4.2.6? > I think it should be possible to block it using: > > disable monitor > > seems to work for me.
That disables monlist across the board, whereas the restrict mechanism allows you to disable it selectively: restrict default nomodify nopeer noquery notrap restrict localhost not quite as fine-grained, though, since "disable monitor" only disables monlist while "restrict noquery" blocks all ntpq / ntpdc queries. Of course, the default behavior for a sensible NTP implementation should be to ignore everything except time queries. DES -- Dag-Erling Smørgrav - d...@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
