FreeBSD Bugzilla – Attachment 159128 Details for
Bug 201803
[PATCH] etc/ntp.conf to enable pool client functionality
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Add pool configuration and dynamic source restrictions
10.2-BETA2-ntp.conf.diff (text/plain), 2.51 KB, created by
John Marshall
on 2015-07-24 02:00:48 UTC
(
hide
)
Description:
Add pool configuration and dynamic source restrictions
Filename:
MIME Type:
Creator:
John Marshall
Created:
2015-07-24 02:00:48 UTC
Size:
2.51 KB
patch
obsolete
>Index: etc/ntp.conf >=================================================================== >--- etc/ntp.conf (revision 285783) >+++ etc/ntp.conf (working copy) >@@ -19,10 +19,10 @@ > # > # The option `iburst' is used for faster initial synchronization. > # >-server 0.freebsd.pool.ntp.org iburst >-server 1.freebsd.pool.ntp.org iburst >-server 2.freebsd.pool.ntp.org iburst >-#server 3.freebsd.pool.ntp.org iburst >+pool 0.freebsd.pool.ntp.org iburst >+pool 1.freebsd.pool.ntp.org iburst >+pool 2.freebsd.pool.ntp.org iburst >+#pool 3.freebsd.pool.ntp.org iburst > > # > # If you want to pick yourself which country's public NTP server >@@ -30,42 +30,34 @@ > # the next ones and replace CC with the country's abbreviation. > # Make sure that the hostnames resolve to a proper IP address! > # >-# server 0.CC.pool.ntp.org iburst >-# server 1.CC.pool.ntp.org iburst >-# server 2.CC.pool.ntp.org iburst >+# pool 0.CC.pool.ntp.org iburst >+# pool 1.CC.pool.ntp.org iburst >+# pool 2.CC.pool.ntp.org iburst > > # > # Security: > # > # By default, only allow time queries and block all other requests >-# from unauthenticated clients. >+# from unauthenticated downstream clients. > # > # See http://support.ntp.org/bin/view/Support/AccessRestrictions > # for more information. > # > restrict default limited kod nomodify notrap nopeer noquery >-restrict -6 default limited kod nomodify notrap nopeer noquery > # >-# Alternatively, the following rules would block all unauthorized access. >+# Alternatively, the following rule would block all unauthorized access. > # > #restrict default ignore >-#restrict -6 default ignore > # >-# In this case, all remote NTP time servers also need to be explicitly >-# allowed or they would not be able to exchange time information with >-# this server. >+# Now specify a restriction mask for our upstream time source servers >+# (e.g. pool servers). This creates a dynamic 'restrict' entry for each >+# upstream server. > # >-# Please note that this example doesn't work for the servers in >-# the pool.ntp.org domain since they return multiple A records. >+restrict source limited kod nomodify notrap noquery > # >-#restrict 0.pool.ntp.org nomodify nopeer noquery notrap >-#restrict 1.pool.ntp.org nomodify nopeer noquery notrap >-#restrict 2.pool.ntp.org nomodify nopeer noquery notrap >-# > # The following settings allow unrestricted access from the localhost > restrict 127.0.0.1 >-restrict -6 ::1 >-restrict 127.127.1.0 >+restrict ::1 > > # > # If a server loses sync with all upstream servers, NTP clients >@@ -77,3 +69,4 @@ > # > #server 127.127.1.0 > #fudge 127.127.1.0 stratum 10 >+#restrict 127.127.1.0
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=159128">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 201803
: 159128