From: Ewald Jenisch
Delivered-To: freebsd-questions@freebsd.org
Date: Mon, 18 May 2015 13:56:06 +0200
Subject: NTP - ntpdc monlist no longer working (10.1)
Message-ID: <20150518115606.GA2898@aurora.oekb.co.at>

Hi,

Recently I upgraded a system from 8.3 to 10.1 (basically installing from scratch and pulling over all data). Upon checking my config I discovered "ntpdc monlist" doesn't work in 10.1 (the monlist command is used for checking for clients that have connected to an NTP server).

Please note that I run the identical NTP-configuration (/etc/ntp.conf) on both the new and old machine. Specifically in my ntp.conf I've got

    restrict 127.0.0.1

so with this it should definitely be possible to run "ntpdc monlist" on the local machine querying the local ntp server.

To track things down I even did a Wireshark trace - sure enough I see ntp packets coming in including the "monlist"-packet - but no reply from my server.

Also note that I've got an identical configuration in terms of NTP permissions on a Raspberry - no problems with "ntpdc monlist" there.

So here are my questions:

o) Is "monlist" completely disabled in newer releases of FreeBSD by default?
o) Is there any way to get monlist working again?

Thanks in advance for any clue,
-ewald

PS: I'm well aware that "monlist" was used for NTP reflection attacks with internet-facing NTP-servers - we're speaking of an NTP-server behind a firewall though with no inbound connections from the internet allowed.