Solved: ntp restrict noquery

Started by fastboot, September 27, 2024, 03:01:56 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 27, 2024, 03:01:56 PM Last Edit: September 27, 2024, 03:15:08 PM by fastboot
Hi,

following the release notes I would like to understand what the following means.

"Also take note that the NTP default changes to "restrict noquery" so that
the system cannot externally be queried for revealing system internals
anymore unless explicitly allowed."

Where can I find that setting?

"The interface selection must therefore include a WAN type interface so that normal routing to the internet can take place."
Ref: https://docs.opnsense.org/manual/ntpd.html

That was my mistake at the beginning. So I had to add the WAN interface, but did not add any rules. As of course I did not want anyone in the internet to be able to connect to 123/UDP to my system.
https://docs.opnsense.org/manual/ntpd.html
September 27, 2024, 03:03:43 PM #1
The relevant ticket is https://github.com/opnsense/core/issues/7832


Cheers,
Franco
September 27, 2024, 03:05:49 PM #2 Last Edit: September 27, 2024, 03:24:29 PM by franco
And to answer your question:

Access restrictions -> Disable ntpq and ntpdc queries

But you don't really need to flip this. The default makes sense and was most likely only given backwards before so that the NTP status page could work but that isn't really necessary as the latest change shows.


Cheers,
Franco
September 27, 2024, 03:15:46 PM #3
Thanks a lot for the explanation and the super fast feedback.

So everything is fine then.

Keep up the good work! :)
Print
Go Up Pages1
User actions