14.17.1. Configure Access Control to an NTP Service
To restrict or control access to the NTP service running on a system, use the restrict command in the ntp.conf file. See the commented-out example:
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
The restrict command takes the following form:
restrict address [mask netmask] [option ...]
where address is a host or network address, or the word default, which matches every source not covered by a more specific restrict line (a restrict default line with no options grants full access), and option is zero or more of:
ignore — All packets will be ignored, including ntpq and ntpdc queries.
kod — send a “Kiss-o'-Death” (KoD) packet instead of silently discarding a denied or rate-limited packet, telling the client to reduce its query rate.
limited — deny service when the packet exceeds the rate limits set by the discard command; without this option those limits are not enforced for matching hosts.
lowpriotrap — traps set by matching hosts are to be low priority.
nomodify — prevents ntpq and ntpdc queries that would change the server state or configuration; queries that only return information are still answered.
noquery — prevents ntpq and ntpdc queries, but not time queries, from being answered.
nopeer — prevents a peer association being formed.
noserve — deny all packets except ntpq and ntpdc queries.
notrap — declines to provide mode 6 (ntpq) control message trap service to matching hosts.
notrust — deny packets that are not cryptographically authenticated.
ntpport — modify the match algorithm to only apply the restriction if the source port is the standard NTP UDP port 123.
version — deny packets that do not match the current NTP version.
To rate-limit matching hosts and not respond at all to packets that exceed the limit, the respective restrict command has to carry the limited option. If ntpd should instead reply to such packets with a KoD packet, the restrict command needs both the limited and kod options.
The ntpq and ntpdc queries can be used in amplification attacks because their replies are much larger than the requests; the ntpdc monlist query abused in CVE-2013-5211 is the best-known case. Therefore, do not remove the noquery option from the restrict default command on publicly accessible systems.
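As an added worked example, not taken from this guide or from the ntp project, the following POSIX shell script places a weak restrict default line next to the hardened form described above and audits each fragment with a small awk-based check. The server name, addresses, the fragment contents and the audit_restrict_default function are constructed for illustration; the check also accepts the restrict -4 default and restrict -6 default forms, which the text above does not show.

```shell
#!/bin/sh
# Added example, not code from the Red Hat guide or from the ntp project.
# It shows (1) a weak "restrict default" line next to the hardened form the
# section recommends and (2) an audit function that flags restrict default
# lines missing those options. Server name, addresses and the function name
# are constructed for illustration.

# Constructed weak fragment: "restrict default" still answers ntpq/ntpdc
# queries from anyone and does no rate limiting, which is the exposure
# behind CVE-2013-5211 on a publicly reachable host.
NTP_CONF_WEAK='server 0.rhel.pool.ntp.org iburst
restrict default nomodify notrap
restrict 127.0.0.1'

# Constructed hardened fragment: time service only for the world, rate
# limited with KoD replies, full access from localhost, and a less
# restricted local network as in the commented example from ntp.conf.
NTP_CONF_HARDENED='server 0.rhel.pool.ntp.org iburst
# Thresholds used by the "limited" option (these values are the ntpd defaults).
discard average 3 minimum 2
# Default policy: no ntpq/ntpdc, no peering, no traps, no reconfiguration,
# and a KoD packet instead of silence when the rate limit trips.
restrict default kod nomodify notrap nopeer noquery limited
# The local host may still run ntpq/ntpdc and reconfigure the daemon.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap'

# Constructed fragment with no default policy at all: ntpd then grants
# every host full access, which is worse than the weak fragment.
NTP_CONF_OPEN='server 0.rhel.pool.ntp.org iburst
restrict 127.0.0.1'

# audit_restrict_default CONFIG_TEXT
# Checks every "restrict default", "restrict -4 default" and
# "restrict -6 default" line for the six options used above. A line with
# "ignore" blocks everything and is accepted as-is. Prints what is missing
# and returns 0 (all present), 1 (something missing) or 2 (no default line).
audit_restrict_default() {
    printf '%s\n' "$1" | awk '
        BEGIN {
            n = split("kod nomodify notrap nopeer noquery limited", want, " ")
            found = 0; bad = 0
        }
        /^[ \t]*#/ { next }                      # comment line
        $1 == "restrict" {
            i = 2
            if ($2 == "-4" || $2 == "-6") i = 3   # address-family flag
            if ($i != "default") next
            found++
            missing = ""
            for (j = i + 1; j <= NF; j++) seen[$j] = 1
            if (!("ignore" in seen)) {
                for (k = 1; k <= n; k++)
                    if (!(want[k] in seen)) missing = missing " " want[k]
            }
            for (x in seen) delete seen[x]
            if (missing != "") { bad++; print "line " NR ": missing" missing }
        }
        END {
            if (!found) { print "no restrict default line: every host has full access"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Stand-alone run: audit all three constructed fragments.
for name in NTP_CONF_WEAK NTP_CONF_HARDENED NTP_CONF_OPEN; do
    eval "conf=\$$name"
    printf '%s: ' "$name"
    if audit_restrict_default "$conf"; then echo ok; fi
done
```

To audit a real file, call audit_restrict_default "$(cat /etc/ntp.conf)". After changing ntp.conf and restarting ntpd, confirm the effect from a host outside the local network: ntpq -c rv against the server should time out, while a plain time query such as ntpdate -q should still be answered.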