Need some assistance configuring my ntp.conf file for my primary NTP server.

Does my configuration accomplish the following:

  • Prevent the servers being polled from changing my configuration?
  • Allow my peer to sync up?
  • Allow clients to get time from my server?

Am I missing any further restrictions, options, etc.?

# Servers
server time.example.com iburst
server time.example.net
server time.example.org
peer   ntp2.mydomain.com

# Restrictions
# Servers
restrict time.example.com kod nomodify notrap nopeer noquery
restrict time.example.net kod nomodify notrap nopeer noquery
restrict time.example.org kod nomodify notrap nopeer noquery

# Peers
restrict ntp2.mydomain.com 

# Clients
restrict 1.1.1.1 nomodify notrap
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap

# Loopback
restrict 127.0.0.1

# Deny rest
restrict default ignore
restrict -6 default ignore

I also plan to modify iptables to only allow inbound connections from my 10.0.0.0/8 subnet and specific public hosted servers.

The other question I had was, could I remove the nopeer from the time.example.xxx hosts since they are servers and not peers? Or is it still required?
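Added example, not part of the original question and not code from the NTP project: a small Python check that parses the restrict lines posted above and reports which addresses are served time and which entries lack `nomodify` or `noquery`, or set `kod` without `limited`. Flag meanings follow the ntpd access-control documentation; the function names and the decision to skip loopback are assumptions of this example.

```python
# Restrict lines copied from the question's ntp.conf, embedded as sample input.
CONF = """\
restrict time.example.com kod nomodify notrap nopeer noquery
restrict time.example.net kod nomodify notrap nopeer noquery
restrict time.example.org kod nomodify notrap nopeer noquery
restrict ntp2.mydomain.com
restrict 1.1.1.1 nomodify notrap
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
restrict 127.0.0.1
restrict default ignore
restrict -6 default ignore
"""

LOOPBACK = {"127.0.0.1", "::1"}  # assumption: left open for local ntpq use

def parse_restrict(text):
    """Map each restricted address (with family/mask) to its set of flags."""
    rules = {}
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 2 and tok[0] == "restrict":
            tok = tok[1:]
            family = tok.pop(0) + " " if tok[0] in ("-4", "-6") else ""
            addr, flags = tok[0], tok[1:]
            if flags[:1] == ["mask"]:
                addr, flags = f"{addr}/{flags[1]}", flags[2:]
            rules[family + addr] = set(flags)
    return rules

def serves_time(flags):
    """ignore drops every packet; noserve drops all but ntpq/ntpdc queries."""
    return not flags & {"ignore", "noserve"}

def audit(rules):
    """Return (address, finding) pairs for entries more open than intended."""
    out = []
    for addr, flags in rules.items():
        if "ignore" in flags or addr in LOOPBACK:
            continue  # nothing is answered, or local-only by assumption
        if "nomodify" not in flags:
            out.append((addr, "nomodify missing"))
        if "noquery" not in flags:
            out.append((addr, "noquery missing: ntpq/ntpdc queries are answered"))
        if "kod" in flags and "limited" not in flags:
            out.append((addr, "kod has no effect without limited"))
    return out

if __name__ == "__main__":
    print(*audit(parse_restrict(CONF)), sep="\n")
```

On the posted configuration this lists the peer entry as missing both `nomodify` and `noquery`, the two client entries as missing `noquery`, and the three server entries as carrying `kod` without `limited`.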

0 Answers