From 42b916a7830ad0248de2dc264c9c12cf2df2dff8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?= <tmakinen@foo.sh>
Date: Tue, 3 Jan 2012 15:54:30 +0200
Subject: [PATCH] Added support for setting network addresses from where
 clients can query time.

---
 ntpd/manifests/init.pp      | 4 ++++
 ntpd/templates/ntp.conf.erb | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/ntpd/manifests/init.pp b/ntpd/manifests/init.pp
index fb14b63..6550a01 100644
--- a/ntpd/manifests/init.pp
+++ b/ntpd/manifests/init.pp
@@ -5,6 +5,10 @@
 #   $ntp_server:
 #       Array of NTP servers.
 #
+#   $ntp_client_networks:
+#       Array of networks that are allowed to query this server in format
+#       [ "192.168.1.0/255.255.255.0", "192.168.2.0/255.255.255.0", ].
+#
 class ntpd {
 
     if !$ntp_server {
diff --git a/ntpd/templates/ntp.conf.erb b/ntpd/templates/ntp.conf.erb
index 5ebd9e5..9e978db 100644
--- a/ntpd/templates/ntp.conf.erb
+++ b/ntpd/templates/ntp.conf.erb
@@ -26,3 +26,10 @@ server <%= server %>
 server 127.127.1.0
 fudge  127.127.1.0 stratum 10
 <% end -%>
+<% if ntp_client_networks -%>
+
+# Restrictions for clients using us as source.
+<%     ntp_client_networks.each do |net| -%>
+restrict <%= net.split("/")[0] %> mask <%= net.split("/")[1] %> nomodify notrap
+<%     end -%>
+<% end -%>