1ntp_acc(5) File Formats Manual ntp_acc(5)
2
6 ntp_acc - Access Control Options
7
10 The ntpd daemon implements a general purpose access control list (ACL)
11 containing address/match entries sorted first by increasing address
12 values and then by increasing mask values. A match occurs when the bit‐
13 wise AND of the mask and the packet source address is equal to the bit‐
14 wise AND of the mask and address in the list. The list is searched in
15 order with the last match found defining the restriction flags associ‐
16 ated with the entry.
17 An example may clarify how it works. Our campus has two class-B net‐
19 works, 128.4 for the ECE and CIS departments and 128.175 for the rest
20 of campus. Let's assume (not true!) that subnet 128.4.1 homes critical
21 services like class rosters and spread sheets. A suitable ACL might be
22 restrict default nopeer # deny new associations
24 restrict 128.175.0.0 mask 255.255.0.0 # allow campus access
25 restrict 128.4.0.0 mask 255.255.0.0 none # allow ECE and CIS access
26 restrict 128.4.1.0 mask 255.255.255.0 notrust # require authentication on subnet 1
27 restrict time.nist.gov # allow access
28 While this facility may be useful for keeping unwanted, broken or mali‐
30 cious clients from congesting innocent servers, it should not be con‐
31 sidered an alternative to the NTP authentication facilities. Source
32 address based restrictions are easily circumvented by a determined
33 cracker.
34
37 discard [ average avg ][ minimum min ] [ monitor prob ]
38 Set the parameters of the rate control facility which protects
39 the server from client abuse. If the limited flag is present in
40 the ACL, packets that violate these limits are discarded. If in
41 addition the kod restriction is present, a kiss-o'-death packet
42 is returned.
43 average avg
46 Specify the minimum average interpacket spacing (mini‐
47 mum average headway time) in log2 s with default 3.
48 minimum min
50 Specify the minimum interpacket spacing (guard time) in
51 log2 s with default 1.
52 monitor Specify the probability of discard for packets that
54 overflow the rate-control window. This is a performance
55 optimization for servers with aggregate arrivals of
56 1000 packets per second or more.
57 restrict address [mask mask] [flag][...]
60 The address argument expressed in dotted-quad form is the
61 address of a host or network. Alternatively, the address argu‐
62 ment can be a valid host DNS name, but it must be resolvable at
63 the time when ntpd is started and if it's resolved to multiple
64 addresses, only the first address will be added to the list.
65 The mask argument expressed in dotted-quad form defaults to
66 255.255.255.255, meaning that the address is treated as the
67 address of an individual host. A default entry (address
68 0.0.0.0, mask 0.0.0.0) is always included and is always the
69 first entry in the list. Note that the text string default,
70 with no mask option, may be used to indicate the default entry.
71 Some flags have the effect to deny service, some have the
72 effect to enable service and some are conditioned by other
73 flags. The flags. are not orthogonal, in that more restrictive
74 flags will often make less restrictive ones redundant. The
75 flags that deny service are classed in two categories, those
76 that restrict time service and those that restrict informa‐
77 tional queries and attempts to do run-time reconfiguration of
78 the server. One or more of the following flags may be speci‐
79 fied:
80 flake Discard received NTP packets with probability 0.1; that
83 is, on average drop one packet in ten. This is for
84 testing and amusement. The name comes from Bob Braden's
85 flakeway, which once did a similar thing for early
86 Internet testing.
87 ignore Deny packets of all kinds, including ntpq and ntpdc
89 queries.
90 kod Send a kiss-o'-death (KoD) packet if the limited flag
92 is present and a packet violates the rate limits estab‐
93 lished by the discard command. KoD packets are them‐
94 selves rate limited for each source address separately.
95 If this flag is not present, packets that violate the
96 rate limits are discarded.
97 limited Deny time service if the packet violates the rate lim‐
99 its established by the discard command. This does not
100 apply to ntpq and ntpdc queries.
101 lowpriotrap
103 Declare traps set by matching hosts to be low priority.
104 The number of traps a server can maintain is limited
105 (the current limit is 3). Traps are usually assigned on
106 a first come, first served basis, with later trap
107 requestors being denied service. This flag modifies the
108 assignment algorithm by allowing low priority traps to
109 be overridden by later requests for normal priority
110 traps.
111 mssntp Enable Microsoft Windows MS-SNTP authentication using
113 Active Directory services. Note: Potential users should
114 be aware that these services involve a TCP connection
115 to another process that could potentially block, deny‐
116 ing services to other users. Therefore, this flag
117 should be used only for a dedicated server with no
118 clients other than MS-SNTP.
119 nomodify
121 Deny ntpq and ntpdc queries which attempt to modify the
122 state of the server (i.e., run time reconfiguration).
123 Queries which return information are permitted.
124 noquery Deny ntpq and ntpdc queries. Time service is not
126 affected.
127 nopeer Deny packets that might mobilize an association unless
129 authenticated. This includes broadcast, symmetric-
130 active and manycast server packets when a configured
131 association does not exist. Note that this flag does
132 not apply to packets that do not attempt to mobilize an
133 association.
134 noserve Deny all packets except ntpq and ntpdc queries.
136 notrap Decline to provide mode 6 control message trap service
138 to matching hosts. The trap service is a subsystem of
139 the ntpdc control message protocol which is intended
140 for use by remote event logging programs.
141 notrust Deny packets that are not cryptographically authenti‐
143 cated. Note carefully how this flag interacts with the
144 auth option of the enable and disable commands. If auth
145 is enabled, which is the default, authentication is
146 required for all packets that might mobilize an associ‐
147 ation. If auth is disabled, but the notrust flag is not
148 present, an association can be mobilized whether or not
149 authenticated. If auth is disabled, but the notrust
150 flag is present, authentication is required only for
151 the specified address/mask range.
152 ntpport
154 non-ntpport
156 This is actually a match algorithm modifier, rather
157 than a restriction flag. Its presence causes the
158 restriction entry to be matched only if the source port
159 in the packet is the standard NTP UDP port (123). Both
160 ntpport and non-ntpport may be specified. The ntpport
161 is considered more specific and is sorted later in the
162 list.
163 version Deny packets that do not match the current NTP version.
165 Default restriction list entries with the flags ignore, ntpport, for
167 each of the local host's interface addresses are inserted into the ta‐
168 ble at startup to prevent the server from attempting to synchronize to
169 its own time. A default entry is also always present, though if it is
170 otherwise unconfigured; no flags are associated with the default entry
171 (i.e., everything besides your own NTP server is unrestricted).
172
175 ntp.conf(5)
176 The official HTML documentation.
178 This file was automatically generated from HTML source.
180 ntp_acc(5)