1 files changed, 6 insertions, 0 deletions

diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf
index 3f9582d7..4dc42c85 100644
--- a/modules/ntp/templates/ntp.conf
+++ b/modules/ntp/templates/ntp.conf
@@ -25,6 +25,12 @@ driftfile /var/lib/ntp/drift
 multicastclient			# listen on default 224.0.1.1
 broadcastdelay	0.008
 
+# http://www.kb.cert.org/vuls/id/348126
+restrict default nomodify notrap nopeer noquery
+restrict -6 default nomodify notrap nopeer noquery
+# https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300
+disable monitor
+
 #
 # Keys file.  If you want to diddle your server at run time, make a
 # keys file (mode 600 for sure) and define the key number to be