From 4e4cbdb3c9bbd20376da968c0b6f21e600c1973e Mon Sep 17 00:00:00 2001
From: Victor LABORIE
Date: Wed, 30 Aug 2017 14:25:46 +0200
Subject: [PATCH] ntpd: listen only on localhost by default
---
 ntpd/defaults/main.yml | 1 +
 ntpd/templates/ntp.conf.j2 | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/ntpd/defaults/main.yml b/ntpd/defaults/main.yml
index c48a2dd4..5c5e9781 100644
--- a/ntpd/defaults/main.yml
+++ b/ntpd/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+ntpd_only_local: true
 ntpd_servers:
 - 'pool.ntp.org'
 ntpd_acls:
diff --git a/ntpd/templates/ntp.conf.j2 b/ntpd/templates/ntp.conf.j2
index e004ec6a..272bb43c 100644
--- a/ntpd/templates/ntp.conf.j2
+++ b/ntpd/templates/ntp.conf.j2
@@ -2,6 +2,11 @@
 driftfile /var/lib/ntp/ntp.drift
+{% if ntpd_only_local is defined and ntpd_only_local %}
+# Only listen on 127.0.0.1 and ::1
+interface ignore wildcard
+
+{% endif %}
 # Enable this if you want statistics to be logged.
 #statsdir /var/log/ntpstats/
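Review bot: The new default `ntpd_only_local: true` in ntpd/defaults/main.yml has no comment, and it changes behaviour for every host that already applies this role. `ntpd_acls` sits right below it in the same defaults file, which suggests (its values are not visible in this hunk) that some hosts serve time to other machines; those would stop answering clients on the next run unless they override the variable. I would add above it `# true: ntpd opens only loopback sockets; set to false on hosts that serve time to the networks in ntpd_acls` and record the new default in the role's README or changelog.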
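Review bot: The guard `ntpd_only_local is defined and ntpd_only_local` in ntp.conf.j2 tests plain Jinja truthiness, so a value that arrives as a string (for example `-e ntpd_only_local=false` or an INI inventory) is non-empty and still renders the block. Since defaults/main.yml now always defines the variable, `{% if ntpd_only_local | bool %}` is enough and handles that case. The comment promises 127.0.0.1 and ::1 only, but the single directive names just the wildcard addresses, so the loopback-only result depends on how ntpd treats addresses that no rule matches. Adding `interface listen 127.0.0.1` and `interface listen ::1` after `interface ignore wildcard` would state the intent in the rendered file. It is also worth checking the listening UDP/123 sockets on a deployed host to confirm the result.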