NTP is an acronym for Network Time Protocol. It is used for clock synchronization between computers. The ntpd program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers.
The NTP is configured using ntp.conf located in /etc/ directory.
interface directive in /etc/ntp.conf
You can prevent ntpd to listen on 0.0.0.0:123 by setting the interface command. The syntax is:
interface listen IPv4|IPv6|all
interface ignore IPv4|IPv6|all
interface drop IPv4|IPv6|all
The above configures which network addresses ntpd listens or dropped without processing any requests. The ignore prevents opening matching addresses, drop causes ntpd to open the address and drop all received packets without examination. For example to ignore listing on all interfaces, add the following in /etc/ntp.conf:
interface ignore wildcard
To listen to only 127.0.0.1 and 192.168.1.1 addresses:
interface listen 127.0.0.1
interface listen 192.168.1.1
Here is my sample /etc/ntp.conf file from FreeBSD cloud server:
$ egrep -v '^#|$^' /etc/ntp.conf
Sample outputs:
tos minclock 3 maxclock 6 pool 0.freebsd.pool.ntp.org iburst restrict default limited kod nomodify notrap noquery nopeer restrict -6 default limited kod nomodify notrap noquery nopeer restrict source limited kod nomodify notrap noquery restrict 127.0.0.1 restrict -6 ::1 leapfile "/var/db/ntpd.leap-seconds.list" interface ignore wildcard interface listen 172.16.3.1 interface listen 10.105.28.1 |
Restart ntpd
Reload/restart the ntpd on a FreeBSD unix:
$ sudo /etc/rc.d/ntpd restart
OR use the following command on a Debian/Ubuntu Linux:
$ sudo systemctl restart ntp
OR use the following on a CentOS/RHEL 7/Fedora Linux:
$ sudo systemctl restart ntpd
Verification
Use the netstat command/ss command for verification or to make sure ntpd bind to the specific IP address only:
$ netstat -tulpn | grep :123
OR
$ ss -tulpn | grep :123
Sample outputs:
udp 0 0 10.105.28.1:123 0.0.0.0:* - udp 0 0 172.16.3.1:123 0.0.0.0:* - |
Use the sockstat command on a FreeBSD Unix server:
$ sudo sockstat
$ sudo sockstat -4
$ sudo sockstat -4 | grep :123
Sample outputs:
root ntpd 59914 22 udp4 127.0.0.1:123 *:* root ntpd 59914 24 udp4 127.0.1.1:123 *:* |
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 0 comments... add one ↓
Linux Network IP Accounting
Linux Network Statistics Tools / Commands
How to enable firewalld logging for denied packets on Linux
How To Set Up PF Firewall on FreeBSD to Protect a Web Server
CentOS / Red Hat Configure an NTP Client And Server
Debian / Ubuntu Linux Install NTPD To Synchronism Clock With Internet Standard Time Servers
Linux: Log Suspicious Martian Packets / Un-routable Source Addresses
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |