1## template:jinja 2 3# For more information about this file, see the man pages 4# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). 5 6driftfile /var/lib/ntp/drift 7 8# Permit time synchronization with our time source, but do not 9# permit the source to query or modify the service on this system. 10restrict default nomodify notrap nopeer noquery 11 12# Permit all access over the loopback interface. This could 13# be tightened as well, but to do so would effect some of 14# the administrative functions. 15restrict 127.0.0.1 16restrict ::1 17 18# Hosts on local network are less restricted. 19#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap 20 21# Use public servers from the pool.ntp.org project. 22# Please consider joining the pool (http://www.pool.ntp.org/join.html). 23{% if pools %}# pools 24{% endif %} 25{% for pool in pools -%} 26pool {{pool}} iburst 27{% endfor %} 28{%- if servers %}# servers 29{% endif %} 30{% for server in servers -%} 31server {{server}} iburst 32{% endfor %} 33 34#broadcast 192.168.1.255 autokey # broadcast server 35#broadcastclient # broadcast client 36#broadcast 224.0.1.1 autokey # multicast server 37#multicastclient 224.0.1.1 # multicast client 38#manycastserver 239.255.254.254 # manycast server 39#manycastclient 239.255.254.254 autokey # manycast client 40 41# Enable public key cryptography. 42#crypto 43 44includefile /etc/ntp/crypto/pw 45 46# Key file containing the keys and key identifiers used when operating 47# with symmetric key cryptography. 48keys /etc/ntp/keys 49 50# Specify the key identifiers which are trusted. 51#trustedkey 4 8 42 52 53# Specify the key identifier to use with the ntpdc utility. 54#requestkey 8 55 56# Specify the key identifier to use with the ntpq utility. 57#controlkey 8 58 59# Enable writing of statistics records. 60#statistics clockstats cryptostats loopstats peerstats 61 62# Disable the monitoring facility to prevent amplification attacks using ntpdc 63# monlist command when default restrict does not include the noquery flag. See 64# CVE-2013-5211 for more details. 65# Note: Monitoring will not be disabled with the limited restriction flag. 66disable monitor 67