[9148] | 1 | # Permit time synchronization with our time source, but do not |
---|
| 2 | # permit the source to query or modify the service on this system. |
---|
| 3 | restrict default kod nomodify notrap nopeer noquery |
---|
| 4 | restrict -6 default kod nomodify notrap nopeer noquery |
---|
| 5 | |
---|
| 6 | # Permit all access over the loopback interface. This could |
---|
| 7 | # be tightened as well, but to do so would effect some of |
---|
| 8 | # the administrative functions. |
---|
| 9 | restrict 127.0.0.1 |
---|
| 10 | restrict -6 ::1 |
---|
| 11 | |
---|
| 12 | # Hosts on local network are less restricted. |
---|
| 13 | #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap |
---|
| 14 | |
---|
| 15 | # Disable monlist funtion |
---|
| 16 | disable monitor |
---|
| 17 | |
---|
| 18 | # Undisciplined Local Clock. This is a fake driver intended for backup |
---|
| 19 | # and when no outside source of synchronized time is available. The |
---|
| 20 | # default stratum is usually 3, but in this case we elect to use stratum |
---|
| 21 | # 0. Since the server line does not have the prefer keyword, this driver |
---|
| 22 | # is never used for synchronization, unless no other other |
---|
| 23 | # synchronization source is available. In case the local host is |
---|
| 24 | # controlled by some external source, such as an external oscillator or |
---|
| 25 | # another protocol, the prefer keyword would cause the local host to |
---|
| 26 | # disregard all other synchronization sources, unless the kernel |
---|
| 27 | # modifications are in use and declare an unsynchronized condition. |
---|
| 28 | # |
---|
| 29 | server 127.127.1.0 # local clock |
---|
| 30 | fudge 127.127.1.0 stratum 10 |
---|
| 31 | |
---|
| 32 | # NICT public ntp |
---|
| 33 | # http://www2.nict.go.jp/aeri/sts/tsp/PubNtp/index.html |
---|
| 34 | # pool ntp.nict.jp |
---|
| 35 | |
---|
| 36 | |
---|
| 37 | # Drift file. Put this in a directory which the daemon can write to. |
---|
| 38 | # No symbolic links allowed, either, since the daemon updates the file |
---|
| 39 | # by creating a temporary in the same directory and then rename()'ing |
---|
| 40 | # it to the file. |
---|
| 41 | # |
---|
| 42 | driftfile /etc/ntp/drift |
---|
| 43 | multicastclient # listen on default 224.0.1.1 |
---|
| 44 | broadcastdelay 0.008 |
---|
| 45 | |
---|
| 46 | # |
---|
| 47 | # Keys file. If you want to diddle your server at run time, make a |
---|
| 48 | # keys file (mode 600 for sure) and define the key number to be |
---|
| 49 | # used for making requests. |
---|
| 50 | # |
---|
| 51 | # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote |
---|
| 52 | # systems might be able to reset your clock at will. Note also that |
---|
| 53 | # ntpd is started with a -A flag, disabling authentication, that |
---|
| 54 | # will have to be removed as well. |
---|
| 55 | # |
---|
| 56 | #keys /etc/ntp/keys |
---|