From owner-freebsd-questions@FreeBSD.ORG Sat Nov 5 08:10:51 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE1AD106566B for ; Sat, 5 Nov 2011 08:10:51 +0000 (UTC) (envelope-from alexander.kapshuk@gmail.com) Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com [209.85.161.54]) by mx1.freebsd.org (Postfix) with ESMTP id 4D79C8FC0A for ; Sat, 5 Nov 2011 08:10:50 +0000 (UTC) Received: by faar19 with SMTP id r19so5041359faa.13 for ; Sat, 05 Nov 2011 01:10:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=r8T8xv8H8n9N+QE3vlKsomCQwPtytQ7VSZPM4raspQk=; b=W1Tnz8wLZDMavLRCJ/gX/JSMBwq8Yd9dDbaC1dzPHJiRZg57T6KvuVr+YMXyKCE0uN 2rZaLxNif1WBb6cb+ujACXW+2UpsXcCth9JJ34778p9ocHYgWxu2sZjBH2J+OeYPSDMF 9yk1Y9bmUqL7SDHec8f9Jxv2Qf+q3M2fFvo8I= Received: by 10.223.76.197 with SMTP id d5mr30540155fak.13.1320480650168; Sat, 05 Nov 2011 01:10:50 -0700 (PDT) Received: from [192.168.1.2] (93-127-96-97.static.vega-ua.net. [93.127.96.97]) by mx.google.com with ESMTPS id d3sm7927942fad.2.2011.11.05.01.10.49 (version=SSLv3 cipher=OTHER); Sat, 05 Nov 2011 01:10:49 -0700 (PDT) Message-ID: <4EB4EF88.20507@gmail.com> Date: Sat, 05 Nov 2011 10:10:48 +0200 From: Alexander Kapshuk User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:7.0.1) Gecko/20111014 Thunderbird/7.0.1 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <4EB44272.6060809@gmail.com> <44vcqzbrlu.fsf@be-well.ilk.org> <20111104215321.5f9ca2eb@nonamehost.> <44r51nbq4p.fsf@be-well.ilk.org> <4EB457C1.2070607@gmail.com> <44lirvbopw.fsf@be-well.ilk.org> <4EB46E5C.2000107@gmail.com> <44bosro5uj.fsf@lowell-desk.lan> <4EB4EA43.80405@gmail.com> <4EB4EE92.60303@infracaninophile.co.uk> In-Reply-To: <4EB4EE92.60303@infracaninophile.co.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: trouble setting timezone for ukraine X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Nov 2011 08:10:51 -0000 On 11/05/11 10:06, Matthew Seaman wrote: > On 05/11/2011 07:48, Alexander Kapshuk wrote: >> i'm not sure i clearly understand what has to be done to make the ntp >> server on my system to be inaccessible to anyone but me. >> >> a sample /etc/ntp.conf would be appreciated. >> > You need the 'restrict' keyword to control access to ntpd -- add a block > something like this to the beginning of ntp.conf: > > restrict default nomodify nopeer noquery notrap # everyone can go away... > restrict -6 default nomodify nopeer noquery notrap > restrict 127.0.0.1 # except me ... > restrict -6 ::1 > restrict 81.187.76.160 mask 255.255.255.248 nomodify notrap nopeer # or > the local net > restrict -6 2001:8b0:151:1:: mask ffff:ffff:ffff:ffff:: nomodify notrap > nopeer > > Except, obviously, replace the network addresses and netmasks in the > last two lines with appropriate settings for your environment. See > ntp.conf(5). Note these restrictions apply to outgoing as well as > incoming queries, so you can block your own access to NTP servers on the > net if not careful. > > Cheers, > > Matthew > understood. thanks. sasha