The ntp iptables rules date from the days when Unix Systems actually
ran ntp servers on Linux hosts.  Since the ntp service is now provided
by hardware appliances there is no need to allow inbound ntp
connections.  Remove the iptables rules allow inbound ntp connections
at Rob Riepel's suggestion.

Similarly remove restrict entries from ntp.conf that point at hosts
that are no longer ntp servers.  Be a bit more conservative and leave
the restrict to the current ntp servers.

Remove some iptables fragments that are no longer used to reduce
confusion.