dick hoogendijk wrote:
I want my local ntp server up and running, so I put in /etc/rc.conf:
xntpd_enable="YES" but what are the right rules for ipfilter? Something
like:

# Allow out ntp traffic
pass out quick on rl0 proto tcp from any to any port = 123 flags S keep state
pass out quick on rl0 proto udp from any to any port = 123 keep state

Or do I have to open some ports incoming as well?

The above allows your server to request time from remote servers, either using ntpdate or ntpd. If you want to serve other workstations then you need to accept incoming connections.


[ I think I need a good book about ipfilter ;-) ]

the ipfilter howto is good, although the nat-part can be a bit obscure.

I mentioned tcp/udp because I read in /etc/services that ntp uses both.

ntp is udp-only, see rfc1305.

Does keep state mean that automagically all incoming traffic will be OK
(for ntp)

no. keep state means that when your server synchronizes with a remote ntp server, the reply packets are accepted. It does not allow incoming connections.


Cheers, Erik
--
Ph: +34.666334818                           web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
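
An added example, not part of the original thread: an ipfilter rule fragment that separates the two cases discussed above, querying remote NTP servers versus serving time to other machines. The interface `rl0` is taken from the question; the LAN prefix `192.168.1.0/24` is a constructed placeholder for the workstations to be served.

```conf
# NTP runs over UDP only, so no tcp rule is needed.

# Client side: let this host query remote NTP servers.
# "keep state" creates a state entry, so the matching reply
# packets are accepted. It does not admit new inbound requests.
pass out quick on rl0 proto udp from any to any port = 123 keep state

# Server side (only if this host should serve time to others):
# accept NTP queries from the local workstations.
# 192.168.1.0/24 is a placeholder; substitute the real LAN prefix.
pass in quick on rl0 proto udp from 192.168.1.0/24 to any port = 123 keep state

# Drop unsolicited NTP requests from everywhere else.
# Replies to this host's own queries still pass, because ipfilter
# checks the state table before it evaluates the rule list.
block in quick on rl0 proto udp from any to any port = 123
```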