Configure NTP.

We use a "master" NTP server, which synchronizes against stratum 1 servers (hence is a stratum 2 itself); all other clients synchronize to this master server through IPSec.
author: Guilhem Moulin <guilhem@fripost.org> 2013-12-08 00:12:01 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:51:12 +0200
commit: 5b209a8e337f03683c45d0eb6029e2321cc3e82b (patch)
tree: 0f127d63468ae68927429313596ad3b470ccb205 /roles/common/templates/etc/iptables
parent: c79f18ff9a04a7534dba3c288bc9606f17786b16 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/roles/common/templates/etc/iptables/services.j2 b/roles/common/templates/etc/iptables/services.j2
index 5243ae1..2a36932 100644
--- a/roles/common/templates/etc/iptables/services.j2
+++ b/roles/common/templates/etc/iptables/services.j2
@@ -4,13 +4,17 @@
 # direction              protocol     destination port            source port
 # (in|out|inout)[46]?    (tcp|udp|..) (port|port:port|port,port)  (port|port:port|port,port)
 
-inout   udp     500    500                              # ISAKMP
+inout   udp     500      500                            # ISAKMP
 #inout   udp     4500    4500    # IPSec NAT Traversal
 
 out     tcp     80,443                                  # HTTP/HTTPS
 out     udp     53                                      # DNS
 out     udp     67                                      # DHCP
 
+{% if 'NTP-master' in group_names %}
+out     udp     123      123                            # NTP
+{% endif %}
+
 in      tcp     {{ ansible_ssh_port|default('22') }}    # SSH
 {% if 'MX' in group_names %}
 in      tcp     25                                      # SMTP
author	Guilhem Moulin <guilhem@fripost.org>	2013-12-08 00:12:01 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:51:12 +0200
commit	5b209a8e337f03683c45d0eb6029e2321cc3e82b (patch)
tree	0f127d63468ae68927429313596ad3b470ccb205 /roles/common/templates/etc/iptables
parent	c79f18ff9a04a7534dba3c288bc9606f17786b16 (diff)