[chrony-users] Allowing IPv6 hosts to sync |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: [chrony-users] Allowing IPv6 hosts to sync
- From: Alexander Groß <agross@xxxxxxxxxxxxxxxx>
- Date: Thu, 10 Dec 2015 15:30:02 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=therightstuff.de; s=google; h=mime-version:from:date:message-id:subject:to:content-type :content-transfer-encoding; bh=ZqPfoLq0Uj0n07w0F8tfqaC6H0utnj3GxYwp5KeU4yg=; b=MHK3d/uNbiQJVbfIyGR4OeuKzyLBxxzls8YDyZXZF1HmTdw3HowI0jdPLwLy/edvMv NiVMDW8Iew9co/tNcrkCA3nQSeS6LWWAeuuMRxu//khw666Dyv5PhGmUohKiJoHf6ff/ w9n9linmgpH/SPkqTrUcfQpHFT0rCud3FMe3U=
Hi,
I'm running chronyd (chrony) version 1.29.1 on CentOS7 and I would
like to allow IPv6 hosts from my local network to sync with the
server.
This is the relevant part from my /etc/chrony.conf:
allow 172.16.0/24
allow 2001:444:1f0a:c9a::/64
# no deny rules present!
After saving the file and restarting chronyd I went and tried to check
if hosts are allowed:
$ chronyc -a
chrony version 1.29.1
Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.
200 OK
chronyc> accheck 2001:444:1f0b:c9a::12
209 Access denied
chronyc> accheck 2001:444:1f0b:c9a:20c:29ff:fe4d:357b
209 Access denied
chronyc> accheck 172.16.0.1
208 Access allowed
I also see the some "access denied" entries in the journal:
NTP packet received from unauthorised host
2001:444:1f0b:c9a:20c:29ff:fe4d:357b port 123
Any ideas what's wrong with my configuration?
Thanks,
Alex
--
Alexander Groß
http://therightstuff.de/
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.