From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 19 Jun 2011 17:53:22 +0000 (+0100)
Subject: local, vampire, ibanez: Centralize definition of NTP servers.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/1ee6211dcd0063197621004e6c7073bd801b8efe

local, vampire, ibanez: Centralize definition of NTP servers.

We now have multiple independent NTP servers, so it makes sense to
have the list of upstream servers in only one place.  Make it so.
---

diff --git a/ibanez.m4 b/ibanez.m4
index f826e04..384bd17 100644
--- a/ibanez.m4
+++ b/ibanez.m4
@@ -49,7 +49,7 @@ allowservices inbound tcp \
 	ssh
 
 ## We have to provide NTP service.  The guests sync to our clock.
-ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2
+ntpclient inbound $ntp_servers
 
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
diff --git a/local.m4 b/local.m4
index b9fa700..0d67a97 100644
--- a/local.m4
+++ b/local.m4
@@ -51,6 +51,9 @@ defiface $if_trusted \
 	safe:172.29.199.64/27 \
 	untrusted:default
 
+## Default NTP servers.
+ntp_servers="158.152.1.76 158.152.1.204 194.159.253.2 195.173.57.232"
+
 m4_divert(60)m4_dnl
 ###--------------------------------------------------------------------------
 ### Special forwarding exemptions.
diff --git a/vampire.m4 b/vampire.m4
index 6dc3710..f6f5d46 100644
--- a/vampire.m4
+++ b/vampire.m4
@@ -86,7 +86,7 @@ run iptables -A OUTPUT -m multiport \
 
 ## Other interesting things.
 dnsresolver inbound
-ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2
+ntpclient inbound $ntp_servers
 
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------