summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--defaults/main.yml3
-rw-r--r--templates/ntp.conf.j25
2 files changed, 6 insertions, 2 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index a84e911..21d2b23 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,3 +8,6 @@ ntp_servers:
- 1.pool.ntp.org iburst
- 2.pool.ntp.org iburst
- 3.pool.ntp.org iburst
+ntp_restrict:
+ - 127.0.0.1
+ - ::1
diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2
index cc1e0f0..e06ff1e 100644
--- a/templates/ntp.conf.j2
+++ b/templates/ntp.conf.j2
@@ -26,8 +26,9 @@ restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
-restrict 127.0.0.1
-restrict ::1
+{% for item in ntp_restrict %}
+restrict {{ item }}
+{% endfor %}
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.