The ntp iptables rules date from the days when Unix Systems actually
ran ntp servers on Linux hosts.  Since the ntp service is now provided
by hardware appliances there is no need to allow inbound ntp
connections.  Remove the iptables rules allow inbound ntp connections
at Rob Riepel's suggestion.

Similarly remove restrict entries from ntp.conf that point at hosts
that are no longer ntp servers.  Be a bit more conservative and leave
the restrict to the current ntp servers.

Remove some iptables fragments that are no longer used to reduce
confusion.

Globally disable monlist in all the ntp.conf variations to protect
against use of monlist to launch UDP-based DoS attacks.  This was
probably already prevented by firewall rules, but may as well make
sure.

This is the (old) master branch along with the fixes to the
cron file permissions that Russ made.