ntp: restrict NTP mode 6 queries

The current NTP server responds to mode 6 queries from any clients.
Devices that respond to these queries have the potential to be used in
NTP amplification attacks. An unauthenticated, remote attacker could
potentially exploit this, via a specially crafted mode 6 query, to cause
a reflected denial of service condition.

See: https://www.tenable.com/plugins/nessus/97861
     https://scan.shadowserver.org/ntpversion/

Update ntp.conf to restrict NTP mode 6 queries.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-networking/recipes-support/ntp/ntp/ntp.conf

@@ -14,4 +14,8 @@ driftfile /var/lib/ntp/drift
 server 127.127.1.0
 fudge 127.127.1.0 stratum 14
 # Defining a default security setting
-restrict default
+restrict -4 default notrap nomodify nopeer noquery
+restrict -6 default notrap nomodify nopeer noquery
+
+restrict 127.0.0.1    # allow local host
+restrict ::1          # allow local host