14.17.1. Configure Access Control to an NTP Service
To restrict or control access to the NTP service running on a system, make use of the restrict command in the ntp.conf file. See the commented out example:
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
The restrict command takes the following form:
restrict option
where option is one or more of:
ignore — All packets will be ignored, including ntpq and ntpdc queries.
kod — a “Kiss-o'-death” (KoD) packet is sent to reduce unwanted queries.
lowpriotrap — traps set by matching hosts are given low priority.
nomodify — prevents any changes to the configuration.
noquery — prevents ntpq and ntpdc queries, but not time queries, from being answered.
nopeer — prevents a peer association from being formed.
noserve — deny all packets except ntpq and ntpdc queries.
notrap — prevents ntpdc control message protocol traps.
notrust — deny packets that are not cryptographically authenticated.
ntpport — modify the match algorithm to only apply the restriction if the source port is the standard NTP UDP port 123.
version — deny packets that do not match the current NTP version.
To rate-limit access so that ntpd does not respond at all to a query, the respective restrict command has to have the limited option. If ntpd should instead reply with a KoD packet, the restrict command needs to have both the limited and kod options.
The ntpq and ntpdc queries can be used in amplification attacks (see CVE-2013-5211 for more details), so do not remove the noquery option from the restrict default command on publicly accessible systems.
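As an added example that is not part of the original page and not Red Hat's shipped ntp.conf: a POSIX shell audit that extracts the option words of every restrict default line in an ntp.conf (including the restrict -4 default and restrict -6 default forms) and reports any line missing noquery, nomodify, notrap or nopeer, or carrying kod without limited. The two configuration samples embedded in it are constructed for illustration, and the function names restrict_default_flags and audit_restrict are this example's own.

```shell
#!/bin/sh
# Added example: audit "restrict default" lines in an ntp.conf for the options
# the section above recommends. Both configs below are constructed samples,
# not the page's own text and not a distribution default.

WEAK_CONF='driftfile /var/lib/ntp/drift
restrict default nomodify notrap
restrict 127.0.0.1
restrict ::1
server 0.rhel.pool.ntp.org iburst'

HARDENED_CONF='driftfile /var/lib/ntp/drift
# Unknown hosts get time only: no ntpq/ntpdc queries, no config changes,
# no traps, no peer associations, and rate limiting with KoD replies.
restrict default kod nomodify notrap nopeer noquery limited
restrict -6 default kod nomodify notrap nopeer noquery limited
# Loopback keeps full access so local ntpq/ntpdc still work.
restrict 127.0.0.1
restrict ::1
# Hosts on the local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 0.rhel.pool.ntp.org iburst'

# restrict_default_flags CONF
# Print the option words of every "restrict default" line, one line each,
# accepting the "restrict -4 default" / "restrict -6 default" forms and
# ignoring comments.
restrict_default_flags() {
    printf '%s\n' "$1" | sed 's/#.*//' | awk '
        $1 == "restrict" && ($2 == "default" || (($2 == "-4" || $2 == "-6") && $3 == "default")) {
            start = ($2 == "default") ? 3 : 4
            line = ""
            for (i = start; i <= NF; i++) line = line $i " "
            print line
        }'
}

# audit_restrict CONF
# Return 0 only if at least one "restrict default" line exists and every one
# of them carries noquery, nomodify, notrap and nopeer. Also flag "kod" given
# without "limited", which (per the rate-limit note above) sends no KoD packet.
# Findings are printed one per line.
audit_restrict() {
    flags=$(restrict_default_flags "$1")
    if [ -z "$flags" ]; then
        echo "no 'restrict default' line: ntpd applies no restriction to unknown hosts"
        return 1
    fi
    printf '%s\n' "$flags" | {
        rc=0
        while read -r line; do
            for want in noquery nomodify notrap nopeer; do
                case " $line " in
                    *" $want "*) ;;
                    *) echo "missing $want: restrict default $line"; rc=1 ;;
                esac
            done
            case " $line " in
                *" kod "*)
                    case " $line " in
                        *" limited "*) ;;
                        *) echo "kod without limited: restrict default $line"; rc=1 ;;
                    esac ;;
            esac
        done
        exit $rc
    }
}

# Usage: the hardened sample passes; the weak one lacks noquery and nopeer.
audit_restrict "$HARDENED_CONF" && echo "hardened sample: ok"
audit_restrict "$WEAK_CONF" || echo "weak sample: FAIL"
```

To check a live system, call audit_restrict "$(cat /etc/ntp.conf)"; a non-zero return means at least one restrict default line would still answer ntpq and ntpdc queries from arbitrary hosts or is missing one of the other recommended options.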