2 files changed, 38 insertions, 0 deletions

diff --git a/Makefile.am b/Makefile.am
index 8fbce753..5152fb71 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -53,6 +53,7 @@ sysconf_DATA += sysconf/LICENSE
 sysconf_DATA += sysconf/logrotate_messages
 sysconf_DATA += sysconf/motd.tail
 sysconf_DATA += sysconf/syslog.conf
+sysconf_DATA += sysconf/ntp.conf
 sysconf_DATA += sysconf/default_ssh
 sysconf_DATA += sysconf/vyatta-sysctl.conf
 sysconf_DATA += sysconf/blacklist.DSA-1024
diff --git a/sysconf/ntp.conf b/sysconf/ntp.conf
new file mode 100644
index 00000000..86ee86c1
--- /dev/null
+++ b/sysconf/ntp.conf
@@ -0,0 +1,37 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# You do need to talk to an NTP server or two (or three).
+server 0.vyatta.pool.ntp.org
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines.  Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+