From: "Darren Pilgrim"
To: "'Matthew Seaman'"
Cc: freebsd-questions@freebsd.org
Date: Wed, 4 Jan 2006 01:13:52 -0800
Subject: RE: How to bind ntpd to a single address?

From: Matthew Seaman [mailto:m.seaman@infracaninophile.co.uk]
> Darren Pilgrim wrote:
> > I don't like (let alone want) ntpd binding to every IP address on
> > the host. The man pages don't say anything about specifying a
> > binding address for ntpd. A search of the sources and Google
> > also failed to reveal anything useful.
> >
> > So how do I tell ntpd to bind to a specific IP address?
>
> ntpd doesn't have that functionality I'm afraid. The next best you
> can do is review your /etc/ntpd.conf 'restrict' rules carefully and
> implement a firewall to control access to port 123/UDP.

The ntp.conf(5) man page isn't what I would consider well-written, so it's
a bit difficult to understand how rules are applied. For example, if I put:

restrict default noquery nopeer limited
restrict local_network/mask nomodify
restrict peerhost nomodify
restrict 127.0.0.1

Does that mean:

- Provide only rate-limited, non-peering time service by default.
- Provide unlimited time service to the local network and also let the
  local network make read-only mode 6/7 queries.
- Peers are given the same treatment as the local network.
- Let localhost do anything.
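
The rule lookup asked about above, as an added example that is not part of the original message: it models the behaviour described in the NTP access-control documentation, where restrict entries are sorted by address and then by mask and the last matching entry alone supplies the flags, so nothing is inherited from `default`. The addresses 192.0.2.0/24 and 198.51.100.10 are constructed stand-ins for `local_network/mask` and `peerhost`, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the post's placeholders (documentation ranges):
#   local_network/mask -> 192.0.2.0/24, peerhost -> 198.51.100.10
RULES = [
    ("0.0.0.0/0",        {"noquery", "nopeer", "limited"}),  # restrict default ...
    ("192.0.2.0/24",     {"nomodify"}),
    ("198.51.100.10/32", {"nomodify"}),
    ("127.0.0.1/32",     set()),                             # no flags at all
]

def build_table(rules):
    """Sort entries by increasing address, then by increasing mask length."""
    nets = [(ipaddress.ip_network(cidr), frozenset(flags)) for cidr, flags in rules]
    return sorted(nets, key=lambda e: (int(e[0].network_address), e[0].prefixlen))

def flags_for(table, source):
    """Walk the sorted list; the last entry that matches defines the flags."""
    addr = ipaddress.ip_address(source)
    matched = None
    for net, flags in table:
        if addr in net:
            matched = flags  # a later (more specific) match replaces, not merges
    return matched

def describe(flags):
    """Translate one entry's flag set into what that client is allowed to do."""
    return {
        "time_service": "rate-limited" if "limited" in flags else "unlimited",
        "ntpq_ntpdc_read": "noquery" not in flags,
        "ntpq_ntpdc_modify": "noquery" not in flags and "nomodify" not in flags,
        "may_mobilize_association": "nopeer" not in flags,
    }

if __name__ == "__main__":
    table = build_table(RULES)
    for src in ("203.0.113.7", "192.0.2.5", "198.51.100.10", "127.0.0.1"):
        print(src, describe(flags_for(table, src)))
```

Because flags are replaced rather than merged, the local-network and peer entries here carry only `nomodify`: those sources are not subject to `limited`, `noquery` or `nopeer`.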