diff options
Diffstat (limited to 'source/n/ntp/ntp.conf')
| -rw-r--r-- | source/n/ntp/ntp.conf | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/source/n/ntp/ntp.conf b/source/n/ntp/ntp.conf index 74aae4c1..1844fb91 100644 --- a/source/n/ntp/ntp.conf +++ b/source/n/ntp/ntp.conf @@ -16,7 +16,10 @@ fudge 127.127.1.0 stratum 10 # # NTP server (list one or more) to synchronize with: -#server pool.ntp.org iburst +#server 0.pool.ntp.org iburst +#server 1.pool.ntp.org iburst +#server 2.pool.ntp.org iburst +#server 3.pool.ntp.org iburst # # Drift file. Put this in a directory which the daemon can write to. @@ -46,9 +49,24 @@ driftfile /etc/ntp/drift # # Don't serve time or stats to anyone else by default (more secure) -restrict default noquery nomodify +restrict default limited kod nomodify notrap nopeer noquery +restrict -6 default limited kod nomodify notrap nopeer noquery + +# +# Use these lines instead if you do want to serve time and stats to +# other machines on the network: +#restrict default limited kod nomodify notrap nopeer +#restrict -6 default limited kod nomodify notrap nopeer + +# +# Disable the ntpdc -c monlist command, which is insecure and can be used +# to cause a denial of service attack (CVE-2013-5211). Future versions of +# NTP will remove this command. +# (this feature was disabled by default with ntpd 4.2.7p230) +disable monitor # # Trust ourselves. :-) restrict 127.0.0.1 +restrict ::1 |