Hi-- On Mar 20, 2014, at 12:33 PM, Ronald F. Guilmette <[email protected]> wrote: > Here is what I am seeing now in response to an ntpdc "peers" query. I am > not really all that familiar with this stuff, so if anybody else here can > tell me if this looks messed up or not, I'd sure appreciate it. > > > remote local st poll reach delay offset disp > ======================================================================= > =nist.netservice 69.62.255.118 16 1024 0 0.00000 0.000000 3.99217 > =rook.slash31.co 69.62.255.118 16 1024 0 0.00000 0.000000 3.99217 > =96.44.142.5 69.62.255.118 16 1024 0 0.00000 0.000000 3.99217 Reachability score of 0 means you've blocked the communications. > Of course, if this *is* messed up, then I guess that I'll have to remove > my firewall rule, and diddle my /etc/ntp.conf file at the same time, in > order to make sure that the Evil Ones don't come back and use & abuse me > again. OK, although you're making this more complicated than it needs to be. If you don't want to provide NTP service to the outside world, leave your existing deny rule in place but add permit rules to allow UDP traffic to and from the NTP servers which you want to sync time from. Regards, -- -Chuck _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"