From b331c2f99c1217c6f4208159c64ca6a5b0053bc7 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 22 May 2016 16:40:50 +0200
Subject: Tunnel internal NTP traffic through IPSec.

More precisely, between our NTP-master (stratum 1) host and the other
machines (all stratum 2).  Providing authentication and integrity for
internal NTP traffic ensures a consistent time within our internal
infrastructure.
---
 roles/common/templates/etc/iptables/services.j2 | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'roles/common/templates/etc/iptables')

diff --git a/roles/common/templates/etc/iptables/services.j2 b/roles/common/templates/etc/iptables/services.j2
index 6bd2533..8450f00 100644
--- a/roles/common/templates/etc/iptables/services.j2
+++ b/roles/common/templates/etc/iptables/services.j2
@@ -16,12 +16,7 @@ out     tcp     9418                                    # GIT
 out     udp     53                                      # DNS
 out     udp     67                                      # DHCP
 out     tcp     22                                      # SSH
-{% if 'NTP-master' in group_names %}
-in      udp     123                                     # NTP
-out     udp     123                                     # NTP
-{% else %}
 out     udp     123      123                            # NTP
-{% endif %}
 
 in      tcp     {{ ansible_port|default('22') }}        # SSH
 {% if 'LDAP-provider' in group_names %}
-- 
cgit v1.2.3