Tested in VyOS 1.3
.0 & VyOS 1.4-rolling-202201060842
"set system ntp allow-clients address '1.20.20.0/24'" command
requires a reboot todoesn't work
correctly
To recreate:
NTP Client NTP server
1.10.10.10/24 --------- 1.10.10.1/24
Simple NTP server config. The client synchronizes without any problems (expected):
```
set system ntp server 1.1.1.2
```
Adding restrictions on the server. So that only clients from 1.20.20.20/24 can get NTP:
```
set system ntp allow-clients address '1.20.20.0/24'
commit
save
```
BUT. 1.10.10.10 is still getting NTP. Despite the config.
However, after a server restart, 1.10.10.10 stops receiving NTP
It turns out the config is correct, but only rebooting helps
Rebooting the service doesn't help:
```
sudo systemctl restart ntp
```
ntpd.conf before reboot (after reboot config is the same):
```
vyos@vyos:~$ cat /run/ntpd/ntpd.conf
### Autogenerated by ntp.py ###
#
# Non-configurable defaults
#
driftfile /var/lib/ntp/ntp.drift
# By default, only allow ntpd to query time sources, ignore any incoming requess
restrict default noquery nopeer notrap nomodify
# Allow pool associations
restrict source nomodify notrap noquery
# Local users have unrestricted access, allowing reconfiguration via ntpdc
restrict 127.0.0.1
restrict -6 ::1
#
# Configurable section
#
server 1.1.1.2 iburst
server time1.vyos.net iburst
server time2.vyos.net iburst
server time3.vyos.net iburst
# Allowed clients configuration
restrict 1.20.20.0 mask 255.255.255.0 nomodify notrap nopeer
```
Some logs:
```
Jan 14 04:05:13 vyos ntpd[1812]: ntpd exiting on signal 15 (Terminated)
Jan 14 04:05:13 vyos ntpd[1812]: 1.1.1.2 local addr 1.1.1.1 -> <null>
Jan 14 04:05:14 vyos ntpd[2012]: ntpd
[email protected] (1): Starting
Jan 14 04:05:14 vyos ntpd[2012]: Command line: /usr/sbin/ntpd -g -p /run/ntpd/ntpd.pid -c /run/ntpd/ntpd.conf -u ntp:ntp
Jan 14 04:05:14 vyos systemd[1]: ntp.service: Can't open PID file /run/ntpd/ntpd.pid (yet?) after start: No such file or directory
Jan 14 04:05:14 vyos ntpd[2014]: proto: precision = 0.253 usec (-22)
Jan 14 04:05:14 vyos ntpd[2014]: Listen and drop on 0 v6wildcard [::]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 2 lo 127.0.0.1:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 3 eth0 1.1.1.1:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 4 eth1 1.10.10.1:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 5 lo [fe80::200:ff:fe00:0%1]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 6 lo [::1]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 7 eth0 [fe80::5204:ff:fe01:0%2]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 8 eth1 [fe80::5204:ff:fe01:1%3]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 9 eth2 [fe80::5204:ff:fe01:2%4]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 10 eth3 [fe80::5204:ff:fe01:3%5]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listening on routing socket on fd #27 for interface updates
Jan 14 04:05:14 vyos ntpd[2014]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Jan 14 04:05:14 vyos ntpd[2014]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
```