22.16.2. Configure Rate Limiting Access to an NTP Service
To enable rate limiting access to the
NTPservice running on a system, add the
limitedoption to the
restrictcommand as explained in Section 22.16.1, “Configure Access Control to an NTP Service”. If you do not want to use the default discard parameters, then also use the
discardcommand as explained here.
discardcommand takes the following form:
average— specifies the minimum average packet spacing to be permitted, it accepts an argument in log2 seconds. The default value is 3 (23 equates to 8 seconds).
minimum— specifies the minimum packet spacing to be permitted, it accepts an argument in log2 seconds. The default value is 1 (21 equates to 2 seconds).
monitor— specifies the discard probability for packets once the permitted rate limits have been exceeded. The default value is 3000 seconds. This option is intended for servers that receive 1000 or more requests per second.
Examples of the
discardcommand are as follows:
discard average 4
discard average 4 minimum 2