Configuring NTP Access Restrictions for All IPv6 Addresses (SRC CLI)
By default, all the clients (any IPv4 or IPv6 addresses of any network) except localhost are restricted to access the NTP server. Some of the CLI commands (for example, show ntp status) will work only if the access to the localhost is allowed. So, we recommend you to not delete the access to the localhost. You can use the system ntp restrict default-v6 command to allow access for all IPv6 addresses to your NTP server and to configure NTP access restriction options for IPv6 addresses.
We recommend you to not delete or change the default restrictions available for the system ntp restrict default-v6 command to avoid vulnerabilities.
system ntp restrict default-v6{
kod;
nomodify;
nopeer;
noquery;
notrap;
}
To configure NTP access restrictions for all IPv6 addresses:
- From configuration mode, access the configuration statement
that restricts NTP access for all IPv6 addresses.[edit]user@host# edit system ntp restrict default-v6;
- Specify whether to send a kiss-of-death packet if the
client limit has exceeded.[edit system ntp restrict default-v6]user@host# set kod;
- Specify whether to restrict the client from making any
changes to the NTP configurations.[edit system ntp restrict default-v6]user@host# set nomodify;
- Specify whether to prevent the client from establishing
a peer association.[edit system ntp restrict default-v6]user@host# set nopeer;
- Specify whether to prevent the client from performing
ntpq and ntpdc queries, but not time queries.[edit system ntp restrict default-v6]user@host# set noquery;
- Specify whether to prevent the client from configuring
control message traps.[edit system ntp restrict default-v6]user@host# set notrap;