From Newsgroup: comp.protocols.time.ntp

Hello!

I've a FreeBSD machine that should sync the time with and NTP server,
but shouldn't provide an NTP server.

How can I configure it to only sync the time, but not provide the
listener on udp/123?
--
kind regards
Marco

Send spam to 1744219621muell@stinkedores.dorfdsl.de

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

--0000000000001d0d7006325c9b06
Content-Type: text/plain; charset="UTF-8"

On Wed, Apr 9, 2025, 10:42 Marco Moock <mm@dorfdsl.de> wrote:

Hello!

I've a FreeBSD machine that should sync the time with and NTP server,
but shouldn't provide an NTP server.

How can I configure it to only sync the time, but not provide the
listener on udp/123?

Use a firewall smart enough to drop time requests/peering/control?, use
chrony with an appropriate configuration, or "restrict -6 :: noserve" and stuff.

https://www.ntp.org/documentation/4.2.8-series/ntp.conf/

https://chrony-project.org/doc/4.6.1/chrony.conf.html



--0000000000001d0d7006325c9b06
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div><div class=3D"gmail_quote gmail_quote_container"><di=
v dir=3D"ltr" class=3D"gmail_attr">On Wed, Apr 9, 2025, 10:42 Marco Moock &= lt;<a href=3D"mailto:mm@dorfdsl.de">mm@dorfdsl.de</a>&gt; wrote:<br></div><= blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px=
#ccc solid;padding-left:1ex">Hello!<br>

I&#39;ve a FreeBSD machine that should sync the time with and NTP server,<b=

but shouldn&#39;t provide an NTP server.<br>

How can I configure it to only sync the time, but not provide the<br>
listener on udp/123?<br></blockquote></div></div><div dir=3D"auto"><br></di= v><div dir=3D"auto">Use a firewall smart enough to drop time requests/peeri= ng/control?, use chrony with an appropriate configuration, or &quot;restric=
t -6 :: noserve&quot; and stuff.</div><div dir=3D"auto"><br></div><div dir= =3D"auto"><a href=3D"https://www.ntp.org/documentation/4.2.8-series/ntp.con= f/">https://www.ntp.org/documentation/4.2.8-series/ntp.conf/</a></div><div = dir=3D"auto"><br></div><div dir=3D"auto"><a href=3D"https://chrony-project.= org/doc/4.6.1/chrony.conf.html">https://chrony-project.org/doc/4.6.1/chrony= .conf.html</a></div><div dir=3D"auto"><div class=3D"gmail_quote gmail_quote= _container"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo= rder-left:1px #ccc solid;padding-left:1ex">
</blockquote></div></div></div>

--0000000000001d0d7006325c9b06--

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

--000000000000aeb22f06325dfd5b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 9, 2025 at 5:42=E2=80=AFPM Marco Moock <mm@dorfdsl.de> wrote:

Hello!

I've a FreeBSD machine that should sync the time with and NTP server,
but shouldn't provide an NTP server.

How can I configure it to only sync the time, but not provide the
listener on udp/123?

In ntp.conf:

nic listen ::1
nic listen 127.0.0.1
nic ignore all

It might also be adequate for your case to instead invoke ntpd with "-I ::1=
"
on the command line. ntpq defaults to using ::1 (IPv6 localhost) on most systems. Either way, ntpd startup logging will tell you which addresses
it's opening and whether it's actually processing incoming packets or just reading and dropping them (wierd, I know).


Cheers,
Dave Hart

--000000000000aeb22f06325dfd5b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div><div class=3D"gmail_default" style= =3D"font-family:&quot;trebuchet ms&quot;,sans-serif"></div></div></div><br>= <div class=3D"gmail_quote gmail_quote_container"><div dir=3D"ltr" class=3D"= gmail_attr">On Wed, Apr 9, 2025 at 5:42=E2=80=AFPM Marco Moock &lt;<a href= =3D"mailto:mm@dorfdsl.de">mm@dorfdsl.de</a>&gt; wrote:<br></div><blockquote=
class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px so= lid rgb(204,204,204);padding-left:1ex">Hello!<br>

I&#39;ve a FreeBSD machine that should sync the time with and NTP server,<b=

but shouldn&#39;t provide an NTP server.<br>

How can I configure it to only sync the time, but not provide the<br>
listener on udp/123?<br>
<span class=3D"gmail_default" style=3D"font-family:&quot;trebuchet ms&quot;= ,sans-serif"></span><br>
</blockquote><div><br></div><div><div class=3D"gmail_default" style=3D"font= -family:&quot;trebuchet ms&quot;,sans-serif">In ntp.conf:</div><div class= =3D"gmail_default" style=3D"font-family:&quot;trebuchet ms&quot;,sans-serif= "><br></div><div class=3D"gmail_default" style=3D"font-family:&quot;trebuch=
et ms&quot;,sans-serif">nic listen ::1</div><div class=3D"gmail_default" st= yle=3D"font-family:&quot;trebuchet ms&quot;,sans-serif">nic listen 127.0.0.= 1</div><div class=3D"gmail_default" style=3D"font-family:&quot;trebuchet ms= &quot;,sans-serif">nic ignore all</div><br class=3D"gmail-Apple-interchange= -newline"><div class=3D"gmail_default" style=3D""><span style=3D"font-famil= y:&quot;trebuchet ms&quot;,sans-serif">It might also be adequate for your c= ase to instead invoke ntpd with &quot;</span><font face=3D"monospace">-I ::= 1</font><font face=3D"trebuchet ms, sans-serif">&quot; on the command line.= =C2=A0 ntpq defaults to using ::1 (IPv6 localhost) on most systems.=C2=A0 E= ither way, ntpd startup logging will tell you which addresses it&#39;s open= ing and whether it&#39;s actually processing incoming packets or just readi=
ng and dropping them (wierd, I know).</font></div><br clear=3D"all"></div><= div><div dir=3D"ltr" class=3D"gmail_signature"><div dir=3D"ltr"><div><font = face=3D"tahoma, sans-serif" color=3D"#666666"><br></font></div><font face= =3D"tahoma, sans-serif" color=3D"#666666">Cheers,<br>Dave Hart</font></div>= </div></div><br class=3D"gmail-Apple-interchange-newline"></div></div>

--000000000000aeb22f06325dfd5b--

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

--0000000000001ec5db06325e0d6c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 9, 2025 at 8:05=E2=80=AFPM Dave Hart <davehart@gmail.com> wrote=
:

On Wed, Apr 9, 2025 at 5:42=E2=80=AFPM Marco Moock <mm@dorfdsl.de> wrote:

How can I configure it to only sync the time, but not provide the
listener on udp/123?

In ntp.conf:

nic listen ::1
nic listen 127.0.0.1
nic ignore all

It might also be adequate for your case to instead invoke ntpd with "-I
::1" on the command line. ntpq defaults to using ::1 (IPv6 localhost) on most systems. Either way, ntpd startup logging will tell you which
addresses it's opening and whether it's actually processing incoming
packets or just reading and dropping them (wierd, I know).

Actually that won't work as ntpd needs ipv4 and ipv6 addresses opened for

its client code to reach out to servers. So instead of "nic ignore all"
use:

nic drop all

Cheers,
Dave Hart

--0000000000001ec5db06325e0d6c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div><div class=3D"gmail_default" style= =3D"font-family:&quot;trebuchet ms&quot;,sans-serif"></div></div></div><br>= <div class=3D"gmail_quote gmail_quote_container"><div dir=3D"ltr" class=3D"= gmail_attr">On Wed, Apr 9, 2025 at 8:05=E2=80=AFPM Dave Hart &lt;<a href=3D= "mailto:davehart@gmail.com">davehart@gmail.com</a>&gt; wrote:<br></div><blo= ckquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left= :1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div dir=3D"= ltr"><div><div style=3D"font-family:&quot;trebuchet ms&quot;,sans-serif"></= div></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gm= ail_attr">On Wed, Apr 9, 2025 at 5:42=E2=80=AFPM Marco Moock &lt;<a href=3D= "mailto:mm@dorfdsl.de" target=3D"_blank">mm@dorfdsl.de</a>&gt; wrote:<br></= div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bor= der-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
How can I configure it to only sync the time, but not provide the<br>
listener on udp/123?<br>
</blockquote><div><br></div><div><div style=3D"font-family:&quot;trebuchet = ms&quot;,sans-serif">In ntp.conf:</div><div style=3D"font-family:&quot;treb= uchet ms&quot;,sans-serif"><br></div><div style=3D"font-family:&quot;trebuc= het ms&quot;,sans-serif">nic listen ::1</div><div style=3D"font-family:&quo= t;trebuchet ms&quot;,sans-serif">nic listen 127.0.0.1</div><div style=3D"fo= nt-family:&quot;trebuchet ms&quot;,sans-serif">nic ignore all</div><br><div= ><span style=3D"font-family:&quot;trebuchet ms&quot;,sans-serif">It might a= lso be adequate for your case to instead invoke ntpd with &quot;</span><fon=
t face=3D"monospace">-I ::1</font><font face=3D"trebuchet ms, sans-serif">&= quot; on the command line.=C2=A0 ntpq defaults to using ::1 (IPv6 localhost=
) on most systems.=C2=A0 Either way, ntpd startup logging will tell you whi=
ch addresses it&#39;s opening and whether it&#39;s actually processing inco= ming packets or just reading and dropping them (wierd, I know).</font></div= ></div><br></div></div></blockquote><div><span class=3D"gmail_default" styl= e=3D"font-family:&quot;trebuchet ms&quot;,sans-serif"></span></div><div><di=
v class=3D"gmail_default" style=3D"font-family:&quot;trebuchet ms&quot;,san= s-serif">Actually that won&#39;t work as ntpd needs ipv4 and ipv6 addresses=
opened for its client code to reach out to servers.=C2=A0 So instead of &q= uot;nic ignore all&quot; use:</div><div class=3D"gmail_default" style=3D"fo= nt-family:&quot;trebuchet ms&quot;,sans-serif"><br></div><div class=3D"gmai= l_default" style=3D"font-family:&quot;trebuchet ms&quot;,sans-serif">nic dr=
op all</div><br></div><div><div dir=3D"ltr" class=3D"gmail_signature"><div = dir=3D"ltr"><font face=3D"tahoma, sans-serif" color=3D"#666666">Cheers,<br>= Dave Hart</font></div></div></div><br class=3D"gmail-Apple-interchange-newl= ine"><div>=C2=A0</div></div></div>

--0000000000001ec5db06325e0d6c--

--- Synchronet 3.20c-Linux NewsLink 1.2