1 | # Permit time synchronization with our time source, but do not |
---|
2 | # permit the source to query or modify the service on this system. |
---|
3 | restrict default kod nomodify notrap nopeer noquery |
---|
4 | restrict -6 default kod nomodify notrap nopeer noquery |
---|
5 | |
---|
6 | # Permit all access over the loopback interface. This could |
---|
7 | # be tightened as well, but to do so would effect some of |
---|
8 | # the administrative functions. |
---|
9 | restrict 127.0.0.1 |
---|
10 | restrict -6 ::1 |
---|
11 | |
---|
12 | # Hosts on local network are less restricted. |
---|
13 | #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap |
---|
14 | |
---|
15 | # Disable monlist funtion |
---|
16 | disable monitor |
---|
17 | |
---|
18 | # Undisciplined Local Clock. This is a fake driver intended for backup |
---|
19 | # and when no outside source of synchronized time is available. The |
---|
20 | # default stratum is usually 3, but in this case we elect to use stratum |
---|
21 | # 0. Since the server line does not have the prefer keyword, this driver |
---|
22 | # is never used for synchronization, unless no other other |
---|
23 | # synchronization source is available. In case the local host is |
---|
24 | # controlled by some external source, such as an external oscillator or |
---|
25 | # another protocol, the prefer keyword would cause the local host to |
---|
26 | # disregard all other synchronization sources, unless the kernel |
---|
27 | # modifications are in use and declare an unsynchronized condition. |
---|
28 | # |
---|
29 | server 127.127.1.0 # local clock |
---|
30 | fudge 127.127.1.0 stratum 10 |
---|
31 | |
---|
32 | # NICT public ntp |
---|
33 | # http://www2.nict.go.jp/aeri/sts/tsp/PubNtp/index.html |
---|
34 | # pool ntp.nict.jp |
---|
35 | |
---|
36 | |
---|
37 | # Drift file. Put this in a directory which the daemon can write to. |
---|
38 | # No symbolic links allowed, either, since the daemon updates the file |
---|
39 | # by creating a temporary in the same directory and then rename()'ing |
---|
40 | # it to the file. |
---|
41 | # |
---|
42 | driftfile /etc/ntp/drift |
---|
43 | multicastclient # listen on default 224.0.1.1 |
---|
44 | broadcastdelay 0.008 |
---|
45 | |
---|
46 | # |
---|
47 | # Keys file. If you want to diddle your server at run time, make a |
---|
48 | # keys file (mode 600 for sure) and define the key number to be |
---|
49 | # used for making requests. |
---|
50 | # |
---|
51 | # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote |
---|
52 | # systems might be able to reset your clock at will. Note also that |
---|
53 | # ntpd is started with a -A flag, disabling authentication, that |
---|
54 | # will have to be removed as well. |
---|
55 | # |
---|
56 | #keys /etc/ntp/keys |
---|