Tip

This is the documentation for the v21.03 version. Looking for the documentation of the latest version? Have a look here.

NTP RestrictionsΒΆ

NTP restrictions control how NTP treats traffic from peers. The NTP Configuration Examples at the start of this section contains a good set of restrictions to use as a starting point.

These restrictions are configured using the restrict command from within config-ntp mode.

restrict (default|<fqdn>|<ip-prefix>|source)

This command enters config-ntp-restrict mode.

The restriction is placed upon an address specified as:

default

The default restriction for any host.

source

Default restrictions for associated hosts.

<fqdn>

An address specified as an FQDN to be resolved using DNS.

<prefix>

An IPv4 or IPv6 network specification.

In config-ntp-restrict mode, the following settings control what hosts matching this restriction can do:

kod

Sends a Kiss of Death packet to misbehaving clients. Only works when paired with the limited option.

limited

Enforce rate limits on clients. This does not apply to queries from ntpq/ntpdc or the show ntp <x> commands.

nomodify

Allows clients to query read only server state information, but does not allow them to make changes.

nopeer

Deny unauthorized associations. When using a server entry in pool mode, this should be present in the default restriction but not in the source restriction.

noquery

Deny ntpq/ntpdc/show ntp <x> queries for NTP daemon information. Does not affect NTP acting as a time server.

noserve

Disables time service. Still allows ntpq/ntpdc/show ntp <x> queries

notrap

Decline mode 6 trap service to clients.