<% if @is_virtual == "true" -%> # Don't mind if the virtualized clock appears to be behaving erratically. tinker panic 0 <% end -%> <% if @ntp_strict == "true" -%> # By default deny everything. restrict -4 default ignore restrict -6 default ignore <% else -%> # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict -4 default nomodify notrap nopeer noquery restrict -6 default nomodify notrap nopeer noquery <% end -%> # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 nomodify <% if @ipv6enabled == "true" -%> restrict ::1 nomodify <% end -%> # Drift file. driftfile /var/lib/ntp/ntp.drift # Remote servers. <% @ntp_server.each do |server| -%> server <%= server %> <% if @ntp_strict == "true" -%> restrict <%= server %> nomodify notrap nopeer noquery <% end -%> <% end -%> <% if @is_virtual == "false" -%> # Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. server 127.127.1.0 fudge 127.127.1.0 stratum 10 <% end -%> <% if @ntp_client_networks -%> # Restrictions for clients using us as source. <% @ntp_client_networks.each do |net| -%> <% addr, mask = net.split("/") -%> restrict <%= addr %> mask <%= mask %> nomodify notrap nopeer <% end -%> <% end -%>