Will you take advice from me, too?
Not by itself, but you can set up a combination of "restrict" items to
do what you want.
You start by totally plugging NTP's ears with "restrict default ignore".
That closes off everything (ignore) for everybody (default), servers and
Then you have to un-restrict any servers you want to use. For example,
"restrict ntp.isp.mine". Because this is a more specific restriction, it
overrides the one for "default", and it overrides "ignore" with an empty
set of restrictions. So this server is no longer restricted at all. If
that's not what you want, configure what you do want instead.
The restrict statement can work on ranges of IP addresses by including
the "mask" keyword. "Restrict 192.168.253.0 mask 255.255.255.0" sets
no-restrictions for IP addresses 192.168.253.x.
Less restrictive things than a total "ignore" can be built from other
available keywords, which I haven't mentioned here at all.
Surf to ntp.isc.org, "NTP support" (under "Webs" in the left pane),
section 6 "Configuring NTP", section 6.4 "ntpd access restrictions".
That's where I looked it up.