[CentOS] deny other hosts from synchronizing time with NTP client

Tue Apr 22 09:07:19 UTC 2008
Simon Jolle <urandomdev at gmail.com>

Hi CentOS users

We are running CentOS 4.5 with NTP 4.2.0.

# cat /etc/ntp.conf
restrict default ignore
restrict dns1.xxx.xxx mask 255.255.255.0 nomodify notrap noquery
restrict dns2.xxx.xxx mask 255.255.255.0 nomodify notrap noquery
restrict 127.0.0.1
server dns1.xxx.xxx
server dns2.xxx.xxx
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
broadcastdelay 0.008
authenticate no

The problem is that other hosts are able to synchronize the time from
our servers. How to disable that?

# lsof -i :123
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
ntpd    4874  ntp    4u  IPv4  35805       UDP *:ntp
ntpd    4874  ntp    5u  IPv6  35806       UDP *:ntp
ntpd    4874  ntp    6u  IPv4  35807       UDP localhost.localdomain:ntp
ntpd    4874  ntp    7u  IPv4  35808       UDP xxx:ntp
ntpd    4874  ntp    8u  IPv4  35809       UDP xxx:ntp
ntpd    4874  ntp    9u  IPv4  35810       UDP xxx:ntp
ntpd    4874  ntp   10u  IPv4  35811       UDP xxx:ntp

NTP listens on every interface.

cheers
Simon

-- 
XMPP: sjolle at swissjabber.org