From owner-freebsd-questions@FreeBSD.ORG  Sat Nov  5 08:06:59 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B9655106564A
	for <freebsd-questions@freebsd.org>;
	Sat,  5 Nov 2011 08:06:59 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1:3fd3:cd67:fafa:3d78])
	by mx1.freebsd.org (Postfix) with ESMTP id 49AE38FC0C
	for <freebsd-questions@freebsd.org>;
	Sat,  5 Nov 2011 08:06:59 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id
	pA586oeM063225
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>; Sat, 5 Nov 2011 08:06:50 GMT
	(envelope-from m.seaman@infracaninophile.co.uk)
X-DKIM: OpenDKIM Filter v2.4.1 smtp.infracaninophile.co.uk pA586oeM063225
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=infracaninophile.co.uk; s=201001-infracaninophile; t=1320480411;
	bh=MygBCgajpaCeG3p20dh/Mv2bFtIUL0zag19avZ9zEBg=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:References:
	In-Reply-To:Content-Type:Cc;
	b=rCdvWjlhekjBuHgOKNJjPHVcEdh7lHYzFtIsTMl6aZthEHBWMKVToJ+aN++Ffouou
	avetNi3Sn4zmc/BxWFNtUhjN6xpt99zEVF4/JdGtaldWD842BXL/i5O8laWvoBmILH
	TMlffcfALj5ndl217jG/pOOss//ctCU/hCsHvPzI=
Message-ID: <4EB4EE92.60303@infracaninophile.co.uk>
Date: Sat, 05 Nov 2011 08:06:42 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <4EB44272.6060809@gmail.com> <44vcqzbrlu.fsf@be-well.ilk.org>
	<20111104215321.5f9ca2eb@nonamehost.>
	<44r51nbq4p.fsf@be-well.ilk.org> <4EB457C1.2070607@gmail.com>
	<44lirvbopw.fsf@be-well.ilk.org> <4EB46E5C.2000107@gmail.com>
	<44bosro5uj.fsf@lowell-desk.lan> <4EB4EA43.80405@gmail.com>
In-Reply-To: <4EB4EA43.80405@gmail.com>
X-Enigmail-Version: 1.3.2
OpenPGP: id=60AE908C
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig84BF47F9F7FDBE67ED93A087"
X-Virus-Scanned: clamav-milter 0.97.3 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_05,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,SPF_FAIL autolearn=no version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	lucid-nonsense.infracaninophile.co.uk
Subject: Re: trouble setting timezone for ukraine
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Nov 2011 08:06:59 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig84BF47F9F7FDBE67ED93A087
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 05/11/2011 07:48, Alexander Kapshuk wrote:
> i'm not sure i clearly understand what has to be done to make the ntp
> server on my system to be inaccessible to anyone but me.
>=20
> a sample /etc/ntp.conf would be appreciated.
>=20

You need the 'restrict' keyword to control access to ntpd -- add a block
something like this to the beginning of ntp.conf:

restrict default nomodify nopeer noquery notrap   # everyone can go away.=
=2E.
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1                               # except me ...
restrict -6 ::1
restrict 81.187.76.160 mask 255.255.255.248 nomodify notrap nopeer # or
the local net
restrict -6 2001:8b0:151:1:: mask ffff:ffff:ffff:ffff:: nomodify notrap
nopeer

Except, obviously, replace the network addresses and netmasks in the
last two lines with appropriate settings for your environment.  See
ntp.conf(5).  Note these restrictions apply to outgoing as well as
incoming queries, so you can block your own access to NTP servers on the
net if not careful.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enig84BF47F9F7FDBE67ED93A087
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk607poACgkQ8Mjk52CukIzbIACeIvqZAnn3zsyJXN8jUg0xvRRZ
afQAn0T6/ojfBL0id06FNoRfy/onSKFe
=RHRh
-----END PGP SIGNATURE-----

--------------enig84BF47F9F7FDBE67ED93A087--