Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 05 Nov 2011 08:06:42 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Re: trouble setting timezone for ukraine
Message-ID:  <4EB4EE92.60303@infracaninophile.co.uk>
In-Reply-To: <4EB4EA43.80405@gmail.com>
References:  <4EB44272.6060809@gmail.com> <44vcqzbrlu.fsf@be-well.ilk.org> <20111104215321.5f9ca2eb@nonamehost.> <44r51nbq4p.fsf@be-well.ilk.org> <4EB457C1.2070607@gmail.com> <44lirvbopw.fsf@be-well.ilk.org> <4EB46E5C.2000107@gmail.com> <44bosro5uj.fsf@lowell-desk.lan> <4EB4EA43.80405@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig84BF47F9F7FDBE67ED93A087
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 05/11/2011 07:48, Alexander Kapshuk wrote:
> i'm not sure i clearly understand what has to be done to make the ntp
> server on my system to be inaccessible to anyone but me.
>=20
> a sample /etc/ntp.conf would be appreciated.
>=20

You need the 'restrict' keyword to control access to ntpd -- add a block
something like this to the beginning of ntp.conf:

restrict default nomodify nopeer noquery notrap   # everyone can go away.=
=2E.
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1                               # except me ...
restrict -6 ::1
restrict 81.187.76.160 mask 255.255.255.248 nomodify notrap nopeer # or
the local net
restrict -6 2001:8b0:151:1:: mask ffff:ffff:ffff:ffff:: nomodify notrap
nopeer

Except, obviously, replace the network addresses and netmasks in the
last two lines with appropriate settings for your environment.  See
ntp.conf(5).  Note these restrictions apply to outgoing as well as
incoming queries, so you can block your own access to NTP servers on the
net if not careful.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enig84BF47F9F7FDBE67ED93A087
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk607poACgkQ8Mjk52CukIzbIACeIvqZAnn3zsyJXN8jUg0xvRRZ
afQAn0T6/ojfBL0id06FNoRfy/onSKFe
=RHRh
-----END PGP SIGNATURE-----

--------------enig84BF47F9F7FDBE67ED93A087--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EB4EE92.60303>