How to bind ntpd to a single address?
darren.pilgrim at bitfreak.org
Wed Jan 4 01:14:06 PST 2006
From: Matthew Seaman [mailto:m.seaman at infracaninophile.co.uk]
> Darren Pilgrim wrote:
> > I don't like (let alone want) ntpd binding to every IP address on
> > the host. The man pages don't say anything about specifying a
> > binding address for ntpd. A search of the sources and Google
> > also failed to reveal anything useful.
> > So how do I tell ntpd to bind to a specific IP address?
> ntpd doesn't have that functionality I'm afraid. The next best you
> can do is review your /etc/ntpd.conf 'restrict' rules carefully and
> implement a firewall to control access to port 123/UDP.
The ntp.conf(5) man page isn't what I would consider well-written, so it's a
bit difficult to understand how rules are applied. For example, if I put:
    restrict default noquery nopeer limited
    restrict local_network/mask nomodify
    restrict peerhost nomodify
Does that mean:
- Provide only rate-limited, non-peering time service by default.
- Provide unlimited time service to the local network and also let the local
network make read-only mode 6/7 queries.
- Peers are given the same treatment as the local network.
- Let localhost do anything.
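
Added example, not part of the original post: a small Python model of how ntpd chooses the restrict entry for a packet's source address, assuming the documented behaviour that the most specific matching entry applies and its flags replace, rather than add to, those of the default entry. The addresses are constructed placeholders for local_network and peerhost, and the flagless 127.0.0.1 entry is an assumption, since the post shows no localhost line.

```python
import ipaddress

# Constructed stand-ins for the post's three restrict lines (documentation
# address ranges), plus an assumed flagless localhost entry.
RULES = [
    ("0.0.0.0/0",        {"noquery", "nopeer", "limited"}),  # restrict default ...
    ("192.0.2.0/24",     {"nomodify"}),   # restrict local_network/mask nomodify
    ("198.51.100.10/32", {"nomodify"}),   # restrict peerhost nomodify
    ("127.0.0.1/32",     set()),          # assumed: restrict 127.0.0.1 (no flags)
]

def effective_flags(source, rules=RULES):
    """Flags of the most specific entry matching source (flags do not accumulate)."""
    addr = ipaddress.ip_address(source)
    best_len, best_flags = -1, set()      # no match: modelled as an empty flag set
    for cidr, flags in rules:
        net = ipaddress.ip_network(cidr)
        if addr in net and net.prefixlen > best_len:
            best_len, best_flags = net.prefixlen, flags
    return best_flags

def describe(source, rules=RULES):
    """Translate the winning flag set into what the restrict list permits."""
    flags = effective_flags(source, rules)
    blocked = "ignore" in flags
    return {
        "flags": sorted(flags),
        "time_service": not blocked and "noserve" not in flags,
        "rate_limited": "limited" in flags,
        "status_queries": not blocked and "noquery" not in flags,
        # Run-time reconfiguration also needs authentication in ntpd; this only
        # reports whether the restrict list itself forbids it.
        "modify_not_restricted": not blocked and not ({"noquery", "nomodify"} & flags),
    }

if __name__ == "__main__":
    for src in ("203.0.113.7", "192.0.2.44", "198.51.100.10", "127.0.0.1"):
        print(src, describe(src))
```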