Example 1: edit /etc/inet/ntp.client -> ntp.conf added: #added for DDoS prevention - don't allow any machine, except those w/o flags restrict default notrust nomodify noquery restrict 127.0.0.1 restrict 128.83.185.40 restrict 128.83.185.41 Example 2 (with additional comments): #permit# Permit time synchronization with our time source, but do not #permit# permit the source to query or modify the service on this system. restrict default ignore
restrict -6 default ignore #restrict default kod nomodify notrap nopeer noquery
#restrict -6 default kod nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1server1 server 128.83.185.40 restrict 128.83.185.40 nomodify notrap nopeer noquery server 128.83.185.41 restrict 128.83.185.41 nomodify notrap nopeer noquery ~~~~~~~~`` default servers are commented out # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst |