ljchuello · September 28, 2023 01:52
diff --git a/ntp.conf b/ntp.conf
 # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

 driftfile /var/lib/ntp/ntp.drift

 # Leap seconds definition provided by tzdata
 leapfile /usr/share/zoneinfo/leap-seconds.list

 # Enable this if you want statistics to be logged.
 #statsdir /var/log/ntpstats/

 statistics loopstats peerstats clockstats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable


 # You do need to talk to an NTP server or two (or three).
 #server ntp.your-provider.example

 # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
 # pick a different set every time it starts up.  Please consider joining the
 # pool: <http://www.pool.ntp.org/join.html>
 #pool 0.debian.pool.ntp.org iburst
 #pool 1.debian.pool.ntp.org iburst
 #pool 2.debian.pool.ntp.org iburst
 #pool 3.debian.pool.ntp.org iburst

 pool time1.google.com iburst
 pool time2.google.com iburst
 pool time3.google.com iburst
 pool time4.google.com iburst

 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
 # details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
 # might also be helpful.
 #
 # Note that "restrict" applies to both servers and clients, so a configuration
 # that might be intended to block requests from certain clients could also end
 # up blocking replies from your own upstream servers.

 # By default, exchange time with everybody, but don't allow configuration.
 restrict -4 default kod notrap nomodify nopeer noquery limited
 restrict -6 default kod notrap nomodify nopeer noquery limited

 # Local users may interrogate the ntp server more closely.
 restrict 127.0.0.1
 restrict ::1

 # Needed for adding pool entries
 restrict source notrap nomodify noquery

 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
 #restrict 192.168.123.0 mask 255.255.255.0 notrust


 # If you want to provide time to your local subnet, change the next line.
 # (Again, the address is an example only.)
 #broadcast 192.168.123.255

 # If you want to listen to time broadcasts on your local subnet, de-comment the
 # next lines.  Please do this only if you trust everybody on the network!
 #disable auth
 #broadcastclient
	# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

	driftfile /var/lib/ntp/ntp.drift

	# Leap seconds definition provided by tzdata
	leapfile /usr/share/zoneinfo/leap-seconds.list

	# Enable this if you want statistics to be logged.
	#statsdir /var/log/ntpstats/

	statistics loopstats peerstats clockstats
	filegen loopstats file loopstats type day enable
	filegen peerstats file peerstats type day enable
	filegen clockstats file clockstats type day enable


	# You do need to talk to an NTP server or two (or three).
	#server ntp.your-provider.example

	# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
	# pick a different set every time it starts up. Please consider joining the
	# pool: <http://www.pool.ntp.org/join.html>
	#pool 0.debian.pool.ntp.org iburst
	#pool 1.debian.pool.ntp.org iburst
	#pool 2.debian.pool.ntp.org iburst
	#pool 3.debian.pool.ntp.org iburst

	pool time1.google.com iburst
	pool time2.google.com iburst
	pool time3.google.com iburst
	pool time4.google.com iburst

	# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
	# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
	# might also be helpful.
	#
	# Note that "restrict" applies to both servers and clients, so a configuration
	# that might be intended to block requests from certain clients could also end
	# up blocking replies from your own upstream servers.

	# By default, exchange time with everybody, but don't allow configuration.
	restrict -4 default kod notrap nomodify nopeer noquery limited
	restrict -6 default kod notrap nomodify nopeer noquery limited

	# Local users may interrogate the ntp server more closely.
	restrict 127.0.0.1
	restrict ::1

	# Needed for adding pool entries
	restrict source notrap nomodify noquery

	# Clients from this (example!) subnet have unlimited access, but only if
	# cryptographically authenticated.
	#restrict 192.168.123.0 mask 255.255.255.0 notrust


	# If you want to provide time to your local subnet, change the next line.
	# (Again, the address is an example only.)
	#broadcast 192.168.123.255

	# If you want to listen to time broadcasts on your local subnet, de-comment the
	# next lines. Please do this only if you trust everybody on the network!
	#disable auth
	#broadcastclient