Restricting NTP access

Here’s what I use in /etc/ntp.conf. The restrict lines below originated from Ubuntu. The iburst and maxpoll 9 settings are necessary in FreeBSD to avoid ntpd switching between PLL and FLL modes every now and then.

server your-server1 iburst maxpoll 9
server your-server2 iburst maxpoll 9
server your-server3 iburst maxpoll 9

server 127.127.1.0
fudge 127.127.1.0 stratum 10

restrict -4 default kod nomodify nopeer noquery notrap
restrict -6 default kod nomodify nopeer noquery notrap

restrict your-server1 nomodify nopeer noquery notrap
restrict your-server2 nomodify nopeer noquery notrap
restrict your-server3 nomodify nopeer noquery notrap

restrict -4 127.0.0.1
restrict -6 ::1

restrict 127.127.1.0

logconfig =clockall +peerall +sysall +syncall