1## template:jinja
2
3# For more information about this file, see the man pages
4# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
5
6driftfile /var/lib/ntp/drift
7
8# Permit time synchronization with our time source, but do not
9# permit the source to query or modify the service on this system.
10restrict default nomodify notrap nopeer noquery
11
12# Permit all access over the loopback interface.  This could
13# be tightened as well, but to do so would effect some of
14# the administrative functions.
15restrict 127.0.0.1
16restrict ::1
17
18# Hosts on local network are less restricted.
19#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
20
21# Use public servers from the pool.ntp.org project.
22# Please consider joining the pool (http://www.pool.ntp.org/join.html).
23{% if pools %}# pools
24{% endif %}
25{% for pool in pools -%}
26pool {{pool}} iburst
27{% endfor %}
28{%- if servers %}# servers
29{% endif %}
30{% for server in servers -%}
31server {{server}} iburst
32{% endfor %}
33
34#broadcast 192.168.1.255 autokey	# broadcast server
35#broadcastclient			# broadcast client
36#broadcast 224.0.1.1 autokey		# multicast server
37#multicastclient 224.0.1.1		# multicast client
38#manycastserver 239.255.254.254		# manycast server
39#manycastclient 239.255.254.254 autokey # manycast client
40
41# Enable public key cryptography.
42#crypto
43
44includefile /etc/ntp/crypto/pw
45
46# Key file containing the keys and key identifiers used when operating
47# with symmetric key cryptography.
48keys /etc/ntp/keys
49
50# Specify the key identifiers which are trusted.
51#trustedkey 4 8 42
52
53# Specify the key identifier to use with the ntpdc utility.
54#requestkey 8
55
56# Specify the key identifier to use with the ntpq utility.
57#controlkey 8
58
59# Enable writing of statistics records.
60#statistics clockstats cryptostats loopstats peerstats
61
62# Disable the monitoring facility to prevent amplification attacks using ntpdc
63# monlist command when default restrict does not include the noquery flag. See
64# CVE-2013-5211 for more details.
65# Note: Monitoring will not be disabled with the limited restriction flag.
66disable monitor
67