ansible-config/roles/ntp-server/templates/ntp.conf.j2

45 lines
1.2 KiB
Django/Jinja

#
# ACTHUNG:
#
# Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
#
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntpstats/ntp.log
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server ptbtime1.ptb.de
server ptbtime2.ptb.de
server ptbtime3.ptb.de
server 0.de.pool.ntp.org
server 1.de.pool.ntp.org
# Restrict all incoming connection
restrict -4 default ignore
restrict -6 default ignore
restrict 192.53.103.108 nomodify notrap nopeer noquery
restrict 192.53.103.104 nomodify notrap nopeer noquery
restrict 192.53.103.103 nomodify notrap nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict -6 ::1
# Disable the monlist request as this is associated with ntp
# amplification attacks
disable monitor
restrict {{ ffhh.prefix4.split("/")[0] }} mask {{ ffhh.prefix4 | ipaddr('netmask') }} nomodify notrap nopeer
restrict {{ ffhh.prefix6.split("/")[0] }} mask {{ ffhh.prefix6 | ipaddr('netmask') }} nomodify notrap nopeer