From owner-freebsd-doc@FreeBSD.ORG  Fri Dec 23 02:37:19 2005
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
X-Original-To: doc@FreeBSD.org
Delivered-To: freebsd-doc@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 61BD216A41F
	for <doc@FreeBSD.org>; Fri, 23 Dec 2005 02:37:19 +0000 (GMT)
	(envelope-from rbrewer@lava.net)
Received: from eclair.lava.net (eclair.lava.net [64.65.64.64])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E9F8843D49
	for <doc@FreeBSD.org>; Fri, 23 Dec 2005 02:37:15 +0000 (GMT)
	(envelope-from rbrewer@lava.net)
Received: from [172.31.8.125] (host-73.colo.spiretech.com [207.173.206.73])
	by eclair.lava.net (Postfix) with ESMTP id D76B12A4827
	for <doc@FreeBSD.org>; Thu, 22 Dec 2005 16:37:13 -1000 (HST)
Date: Thu, 22 Dec 2005 16:37:14 -1000
From: Robert Brewer <rbrewer@lava.net>
To: doc@FreeBSD.org
Message-ID: <4D601184E98FB015176F2C0F@fac-dhcp13.ics.hawaii.edu>
X-Mailer: Mulberry/3.1.5 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: 
Subject: Suggestions for NTP section of FreeBSD Handbook
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Dec 2005 02:37:19 -0000

I was setting up NTP based on section 24 of the FreeBSD Handbook

<http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ntp.html>

and I felt section 24.11.3.3 could be a little more helpful. If you add the 
suggested "restrict default ignore", it looks like all incoming NTP packets 
will be dropped, which prevents synchronization with the configured 
servers. Since one of the most common configurations will be to configure 
some servers and disable all NTP access except for the servers, I think it 
would be helpful to point out this fact. Something like "Make sure to allow 
any upstream servers you have configured to access your server by adding a 
line like 'restrict ntp2a.example.net nomodify' to your configuration.

-- 
Robert Brewer
Information Technology Specialist
University of Hawaii at Manoa, Information and Computer Sciences Dept