[CentOS] chronyd configuration as a local ntp server

Tue Dec 27 13:25:41 UTC 2016
Fred Smith <fredex at fcshome.stoneham.ma.us>

On Mon, Dec 26, 2016 at 11:04:22PM -0500, Robert Moskowitz wrote:
> This is for centos 7 that has chronyd 2.1.1
> 
> I am looking into how to use chronyd as my local ntp server.
> 
> On my old servers with ntpd I had local access control lines like:
> 
> restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap
> 
> 
> But in looking for documentation on chronyd I did not find anything
> on this at:
> 
> https://chrony.tuxfamily.org/doc/2.1/manual.html
> 
> In the actual /etc/chronyd.conf there is the sample line:
> 
> # Allow NTP client access from local network.
> #allow 192.168/16
> 
> Does this allow only allow queries?  Does chronyd support the
> 'restrict' option?

Robert:

Years back I used to use Chrony for that  purpose (when I was running
Smoothwall on an old PC instead of a commercial router, as I am now)
and it did the job remarkably well.

One of the designgoals of Chrony was to support networks or computers
that are NOT connected full-time, so that time stayed somewhere near
correct even if offline for hours or days.

But that having been so long ago, now, I don't remember the details.

I also don't remember what the "restrict" directive for ntpd does.

(to give you an idea of how long ago that was it was when I had a Red Hat
7.2 or 7.3 workstation as my home PC--pre-RHEL. I could compile things on
that RH box, tar up the necessary results and take that file to the
smoothwall box and untar them and with small configuration: voila!)

there used to be a chrony mailing list where one could ask such questions,
but I haven't seen traffic on it in years, so it may no longer exist.

Fred
-- 
-------------------------------------------------------------------------------
    Under no circumstances will I ever purchase anything offered to me as
    the result of an unsolicited e-mail message. Nor will I forward chain
    letters, petitions, mass mailings, or virus warnings to large numbers
    of others. This is my contribution to the survival of the online
    community.
 --Roger Ebert, December, 1996
----------------------------- The Boulder Pledge -----------------------------