Why does ntpd need to bind external interfaces to sync the local clock


I wanted to tighten my security so I don't want to open any ports that are not really needed. I have no intentions of running an ntp server for other people to use, I only run the ntp daemon to keep the local clock synced, so I added these two lines to my /etc/ntp.conf:

interface ignore wildcard
interface listen lo

But after that, ntpd seems not to be able to reach servers, as experienced by:

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 secondary.cleve .INIT.          16 -    -   64    0    0.000    0.000   0.000
 time.videxio.ne .INIT.          16 -    -   64    0    0.000    0.000   0.000
 ns0.luns.net.uk .INIT.          16 -    -   64    0    0.000    0.000   0.000
 rigel.retrosnub .INIT.          16 -    -   64    0    0.000    0.000   0.000
 europium.canoni .INIT.          16 -    -   64    0    0.000    0.000   0.000

It seems that configuration is making ntpd not use those interfaces at all, not even to connect to other servers.

Does ntpd need to listen on external interfaces to be able to sync the clock?

Best Answer

As far as I can tell, ignore means don't open the address/port, drop means open but ignore any and all traffic (though it might be able to use them still). So yeah, it seems to need the interface bound.

Reference: http://www.eecis.udel.edu/~mills/ntp/html/miscopt.html#interface
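
A check for the symptom shown in the question, added here as an example (not code from the question or the answer): it parses `ntpq -p` output and reports when every peer has reach 0, as in the table above. The third sample row and the function names are constructed for this example.

```python
# Constructed sample: the first two rows come from the question above; the
# third is a made-up healthy peer (hypothetical name and values) for contrast.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 secondary.cleve .INIT.          16 -    -   64    0    0.000    0.000   0.000
 time.videxio.ne .INIT.          16 -    -   64    0    0.000    0.000   0.000
*ntp.example.net 192.0.2.10       2 u   33   64  377   12.345   -0.512   0.204
"""

TALLY = " x.-+#*o"  # first column: peer selection status, '*' = sync source


def parse_peers(text):
    """Return one dict per peer row of `ntpq -p` output."""
    peers = []
    for line in text.splitlines():
        if not line or line[0] not in TALLY:
            continue
        fields = line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue  # header, prompt line, or a row we do not understand
        remote, refid, _st, _t, _when, _poll, reach = fields[:7]
        reach_bits = int(reach, 8)  # reach is printed in octal
        peers.append({
            "remote": remote,
            "refid": refid,
            "selected": line[0] == "*",
            # each set bit is one answered poll among the last eight
            "answered": bin(reach_bits).count("1"),
        })
    return peers


def sync_problem(text):
    """Return a reason string if no peer is usable, else None."""
    peers = parse_peers(text)
    if not peers:
        return "no peers listed"
    if all(p["answered"] == 0 for p in peers):
        return "no peer has answered a poll (reach 0 on all)"
    if not any(p["selected"] for p in peers):
        return "peers answer but none is selected yet"
    return None


if __name__ == "__main__":
    print(sync_problem(SAMPLE) or "clock has a sync source")
```

Run it against fresh `ntpq -p` output after changing the `interface` lines; the reach column needs a few poll intervals to fill before the result is meaningful.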