NTPD : Listen only on lo interface by default

evolinux-base/defaults/main.yml

@@ -95,6 +95,7 @@ evolinux_system_alert5_init: True
 evolinux_system_alert5_enable: True
 evolinux_system_eni_auto: True
 
+evolinux_system_ntprestrict: True
 evolinux_system_set_ntpserver: True
 evolinux_system_ntpserver: "ntp.evolix.net"
 

evolinux-base/handlers/main.yml

@@ -71,3 +71,8 @@
   service:
     name: postfix
     state: reloaded
+
+- name: restart ntp
+  service:
+    name: ntp
+    state: restarted

evolinux-base/tasks/system.yml

@@ -112,7 +112,15 @@
   - {regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1', backup: "no"}
   when: evolinux_system_cron_random
 
+# NTP listen retriction
+- name: Listen only on lo interface
+
 # NTP server address
+  lineinfile:
+    dest: /etc/ntp.conf
+    line: "interface ignore wildcard"
+  notify: restart ntp
+  when: evolinux_system_ntprestrict
 
 - name: Configure NTP
   replace:
@@ -120,6 +128,7 @@
     regexp: "^server .*$"
     replace: "server {{ evolinux_system_ntpserver }}"
     backup: yes
+  notify: restart ntp
   when: evolinux_system_set_ntpserver
 
 ## alert5