|
|
12fd1e1 |
# Permit time synchronization with our time source, but do not
|
|
|
12fd1e1 |
# permit the source to query or modify the service on this system.
|
|
|
12fd1e1 |
|
|
|
12fd1e1 |
restrict default nomodify notrap noquery
|
|
cvsdist |
a2cf45e |
|
|
cvsdist |
c0b872c |
# Permit all access over the loopback interface. This could
|
|
cvsdist |
c0b872c |
# be tightened as well, but to do so would effect some of
|
|
cvsdist |
c0b872c |
# the administrative functions.
|
|
cvsdist |
c0b872c |
restrict 127.0.0.1
|
|
cvsdist |
c0b872c |
|
|
cvsdist |
a2cf45e |
|
|
cvsdist |
c0b872c |
# -- CLIENT NETWORK -------
|
|
cvsdist |
a2cf45e |
# Permit systems on this network to synchronize with this
|
|
cvsdist |
a2cf45e |
# time service. Do not permit those systems to modify the
|
|
cvsdist |
a2cf45e |
# configuration of this service. Also, do not use those
|
|
cvsdist |
a2cf45e |
# systems as peers for synchronization.
|
|
cvsdist |
ee9bcc8 |
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
|
|
cvsdist |
a2cf45e |
|
|
cvsdist |
c0b872c |
|
|
cvsdist |
c0b872c |
# --- OUR TIMESERVERS -----
|
|
|
12fd1e1 |
server 0.pool.ntp.org
|
|
|
12fd1e1 |
server 1.pool.ntp.org
|
|
|
12fd1e1 |
server 2.pool.ntp.org
|
|
cvsdist |
6726ef5 |
|
|
cvsdist |
c0b872c |
|
|
cvsdist |
c0b872c |
# --- NTP MULTICASTCLIENT ---
|
|
cvsdist |
c0b872c |
#multicastclient # listen on default 224.0.1.1
|
|
cvsdist |
ee9bcc8 |
# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap
|
|
cvsdist |
ee9bcc8 |
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
|
|
cvsdist |
c0b872c |
|
|
cvsdist |
c0b872c |
|
|
cvsdist |
c0b872c |
|
|
cvsdist |
c0b872c |
# --- GENERAL CONFIGURATION ---
|
|
cvsdist |
6726ef5 |
#
|
|
cvsdist |
6726ef5 |
# Undisciplined Local Clock. This is a fake driver intended for backup
|
|
cvsdist |
6726ef5 |
# and when no outside source of synchronized time is available. The
|
|
cvsdist |
6726ef5 |
# default stratum is usually 3, but in this case we elect to use stratum
|
|
cvsdist |
6726ef5 |
# 0. Since the server line does not have the prefer keyword, this driver
|
|
cvsdist |
6726ef5 |
# is never used for synchronization, unless no other other
|
|
cvsdist |
6726ef5 |
# synchronization source is available. In case the local host is
|
|
cvsdist |
6726ef5 |
# controlled by some external source, such as an external oscillator or
|
|
cvsdist |
6726ef5 |
# another protocol, the prefer keyword would cause the local host to
|
|
cvsdist |
6726ef5 |
# disregard all other synchronization sources, unless the kernel
|
|
cvsdist |
6726ef5 |
# modifications are in use and declare an unsynchronized condition.
|
|
cvsdist |
6726ef5 |
#
|
|
cvsdist |
6726ef5 |
server 127.127.1.0 # local clock
|
|
cvsdist |
6726ef5 |
fudge 127.127.1.0 stratum 10
|
|
cvsdist |
6726ef5 |
|
|
cvsdist |
6726ef5 |
#
|
|
cvsdist |
6726ef5 |
# Drift file. Put this in a directory which the daemon can write to.
|
|
cvsdist |
6726ef5 |
# No symbolic links allowed, either, since the daemon updates the file
|
|
cvsdist |
6726ef5 |
# by creating a temporary in the same directory and then rename()'ing
|
|
cvsdist |
6726ef5 |
# it to the file.
|
|
cvsdist |
6726ef5 |
#
|
|
cvsdist |
ac3eb03 |
driftfile /var/lib/ntp/drift
|
|
cvsdist |
6726ef5 |
broadcastdelay 0.008
|
|
cvsdist |
6726ef5 |
|
|
cvsdist |
6726ef5 |
#
|
|
cvsdist |
6726ef5 |
# Keys file. If you want to diddle your server at run time, make a
|
|
cvsdist |
6726ef5 |
# keys file (mode 600 for sure) and define the key number to be
|
|
cvsdist |
6726ef5 |
# used for making requests.
|
|
cvsdist |
576c192 |
#
|
|
cvsdist |
6726ef5 |
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
|
|
cvsdist |
576c192 |
# systems might be able to reset your clock at will. Note also that
|
|
cvsdist |
576c192 |
# ntpd is started with a -A flag, disabling authentication, that
|
|
cvsdist |
576c192 |
# will have to be removed as well.
|
|
cvsdist |
6726ef5 |
#
|
|
cvsdist |
a2cf45e |
keys /etc/ntp/keys
|