The various NTP filters (rate limits, packet size limits) are negatively affecting the NTP Pool, the new secure NTP protocol (Network Time Security) and other clients. NTP filters were deployed several years ago to solve serious DDoS issues, I'm not second guessing those decisions. Changing the filters to instead block NTP mode 7, which cover monlist and other diagnostics, would improve NTP usability.