Date: Wed, 04 Jul 2001 10:42:34 +1000 From: Tony Landells <ahl@austclear.com.au> To: Sheldon Hearn <sheldonh@starjuice.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Tightening up ntpd Message-ID: <200107040042.KAA21733@tungsten.austclear.com.au> In-Reply-To: Message from Sheldon Hearn <sheldonh@starjuice.net> of "Tue, 03 Jul 2001 11:16:56 %2B0200." <24350.994151816@axl.seasidesoftware.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
sheldonh@starjuice.net said: > What do I do in /etc/ntp.conf to prevent hosts other than those I list > with "server" from changing my time? I know how to do this with a > firewall, but get the feeling from the ntp.conf(5) manual page that it > could be done in there. > To be honest, the ntp.conf(5) page overwhelms me a little. :-) There is some additional documentation at www.ntp.org. It's slightly better than the ntp.conf man page. Slightly... The section you want to look at in the ntp.conf man page is the one headed "Access Control Support". What you want to add to your ntp.conf is something like: # Change the default behaviour to ignore everything restrict 0.0.0.0 mask 0.0.0.0 ignore # If we want to use "ntpq", for example, we need some local access restrict 127.0.0.1 noserve notrap notrust # These are our two nameservers (provided by our ISP) # We query them, so they don't need much access to us... restrict 192.189.54.17 nomodify noquery notrap ntpport restrict 192.189.54.33 nomodify noquery notrap ntpport To find out exactly what the options are, you'll need to read the man page, but if you want to ask specific questions about what I understand them to do, send me e-mail. Of course, I'm not a definitive source of wisdom--for that you should go through the references at www.ntp.org Tony -- Tony Landells <ahl@austclear.com.au> Senior Network Engineer Ph: +61 3 9677 9319 Australian Clearing Services Pty Ltd Fax: +61 3 9677 9355 Level 4, Rialto North Tower 525 Collins Street Melbourne VIC 3000 Australia To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107040042.KAA21733>