Index: etc/ntp.conf =================================================================== --- etc/ntp.conf +++ etc/ntp.conf @@ -11,28 +11,30 @@ # # -# The following three servers will give you a random set of three -# NTP servers geographically close to you. +# The following pool statement will give you a random set of NTP servers +# geographically close to you. # See http://www.pool.ntp.org/ for details. Note, the pool encourages # users with a static IP and good upstream NTP servers to add a server # to the pool. See http://www.pool.ntp.org/join.html if you are interested. # # The option `iburst' is used for faster initial synchronization. # -server 0.freebsd.pool.ntp.org iburst -server 1.freebsd.pool.ntp.org iburst -server 2.freebsd.pool.ntp.org iburst -#server 3.freebsd.pool.ntp.org iburst +pool 0.freebsd.pool.ntp.org iburst # # If you want to pick yourself which country's public NTP server -# you want sync against, comment out the above servers, uncomment -# the next ones and replace CC with the country's abbreviation. -# Make sure that the hostnames resolve to a proper IP address! -# -# server 0.CC.pool.ntp.org iburst -# server 1.CC.pool.ntp.org iburst -# server 2.CC.pool.ntp.org iburst +# you want sync against, comment out the above pool, uncomment +# the next one, and replace CC with the country's abbreviation. +# Make sure that the hostname resolves to a proper IP address! +# +# pool 0.CC.pool.ntp.org iburst + +# +# Ntpd automatically adds maxclock-1 servers from configured pools, and may +# add as many as maxclock*2 if necessary to ensure that at least minclock +# servers are providing good consistant time. +# +tos minclock 3 maxclock 6 # # Security: @@ -40,11 +42,17 @@ # By default, only allow time queries and block all other requests # from unauthenticated clients. # +# The "restrict source" line allows peers to be mobilized when added by +# ntpd from a pool, but does not enable mobilizing a new peer association +# by other dynamic means (broadcast, manycast, ntpq commands, etc). +# # See http://support.ntp.org/bin/view/Support/AccessRestrictions # for more information. # -restrict default limited kod nomodify notrap nopeer noquery -restrict -6 default limited kod nomodify notrap nopeer noquery +restrict source limited kod nomodify notrap noquery +restrict default limited kod nomodify notrap noquery nopeer +restrict -6 default limited kod nomodify notrap noquery nopeer + # # Alternatively, the following rules would block all unauthorized access. # @@ -65,7 +73,6 @@ # The following settings allow unrestricted access from the localhost restrict 127.0.0.1 restrict -6 ::1 -restrict 127.127.1.0 # # If a server loses sync with all upstream servers, NTP clients