Comment 4 for bug 858493

Pedro Côrte-Real (pedrocr) wrote:

What I was pointing out is that ntp listens to *:* when that's not actually needed to function as an ntp client. Here's an example from a server I was just setting up.

With ntpd:

$ sudo netstat -atpun | grep ntp
udp 0 0 myIP:123 0.0.0.0:* 31805/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 31805/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 31805/ntpd
udp6 0 0 ::1:123 :::* 31805/ntpd
udp6 0 0 myIP :::* 31805/ntpd
udp6 0 0 :::123 :::* 31805/ntpd

With openntpd:

$ sudo netstat -atpun | grep ntp
udp 0 0 myIP:57706 88.190.225.228:123 ESTABLISHED 32455/ntpd
udp 0 0 myIP:46760 188.40.33.81:123 ESTABLISHED 32455/ntpd
udp 0 0 myIP:33742 88.190.225.228:123 ESTABLISHED 32455/ntpd
udp 0 0 myIP:34625 85.10.199.217:123 ESTABLISHED 32455/ntpd

So it seems to be possible to have working NTP communication without opening up port 123 on all interfaces for everyone to connect. I assume that's why /etc/ntp.conf has all those restrict lines by default, whereas /etc/openntp/ntpd.conf only has server lines.

I know ntp restricts responses to localhost by default so someone that wants to actually run an ntp server needs to change ntp.conf anyway. It might as well take the next step and not bind to the interfaces at all so as to not be a potential security risk.
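A small check that turns netstat output like the two listings above into a verdict, as an added example that is not part of this bug comment: it parses the quoted format, flags sockets on port 123 bound to 0.0.0.0 or ::, keeps loopback and single-address binds separate, and recognises the outbound client sockets that openntpd uses instead. The sample lines are constructed from the comment; `myIP` is the reporter's placeholder, not a real address.

```python
"""Check `netstat -atpun` output for NTP sockets bound to a wildcard address."""

# Constructed sample lines modelled on the output quoted in the bug comment;
# "myIP" is the reporter's placeholder, not a real address.
SAMPLE_NTPD = """\
udp   0 0 myIP:123       0.0.0.0:*   31805/ntpd
udp   0 0 127.0.0.1:123  0.0.0.0:*   31805/ntpd
udp   0 0 0.0.0.0:123    0.0.0.0:*   31805/ntpd
udp6  0 0 ::1:123        :::*        31805/ntpd
udp6  0 0 :::123         :::*        31805/ntpd
"""
SAMPLE_OPENNTPD = """\
udp   0 0 myIP:57706  88.190.225.228:123  ESTABLISHED 32455/ntpd
udp   0 0 myIP:46760  188.40.33.81:123    ESTABLISHED 32455/ntpd
"""
WILDCARDS = {"0.0.0.0", "::"}
LOOPBACKS = {"127.0.0.1", "::1"}

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 literals like ::1:123 parse."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def udp_sockets(output):
    """Yield (local_host, local_port, remote_port, program) for each UDP row."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("udp"):
            continue  # header line or a TCP socket
        local_host, local_port = split_endpoint(fields[3])
        _, remote_port = split_endpoint(fields[4])
        yield local_host, local_port, remote_port, fields[-1]

def classify(output, port="123"):
    """Group sockets on `port` by exposure (wildcard, loopback, one address)
    and list outbound client sockets whose remote end is `port`."""
    result = {"wildcard": [], "loopback": [], "specific": [], "client": []}
    for local_host, local_port, remote_port, program in udp_sockets(output):
        if local_port != port:
            if remote_port == port:
                result["client"].append(program)
            continue
        if local_host in WILDCARDS:
            result["wildcard"].append(local_host)
        elif local_host in LOOPBACKS:
            result["loopback"].append(local_host)
        else:
            result["specific"].append(local_host)
    return result
```

A non-empty `wildcard` list is the condition the comment objects to; the openntpd listing yields only `client` entries.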