pfSense

There is a bug in system.inc in generating the custom access restrictions:

    /* Custom Access Restrictions */
    if (is_array($config['ntpd']['restrictions']) && is_array($config['ntpd']['restrictions']['row'])) {
        $networkacl = $config['ntpd']['restrictions']['row'];
        foreach ($networkacl as $acl) {
            $ntpcfg .= "\nrestrict ";
            if (is_ipaddrv6($acl['acl_network'])) {
                $ntpcfg .= "-6 {$acl['acl_network']} mask " . gen_subnet_mask_v6($acl['mask']) . " ";
            } elseif (is_ipaddrv4($acl['acl_network'])) {
                $ntpcfg .= "{$acl['acl_network']} mask " . gen_subnet_mask($acl['mask']) . " ";
            } else {
                continue;

The ipv6 indicator "-6" should be removed. See this document: http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.2.1.
The last line says: (the '-6' option leads to a syntax error. It is working without '-6' as shown above)

Furthermore and this is not really a bug but more a proposal: please remove "maxpoll 9", because this was an old workaround for a bug (pll/fll flipping) that doesn't exist anymore.
Maybe even better to make minpoll/maxpoll settings a choice ;)

$ntpcfg .= "\n\n# Upstream Servers\n";
    /* foreach through ntp servers and write out to ntpd.conf */
    foreach (explode(' ', $config['system']['timeservers']) as $ts) {
        $ntpcfg .= "server {$ts} iburst maxpoll 9";
        if (substr_count($config['ntpd']['prefer'], $ts)) {
            $ntpcfg .= ' prefer';
        }
        if (substr_count($config['ntpd']['noselect'], $ts)) {
            $ntpcfg .= ' noselect';
        }
        $ntpcfg .= "\n";
    }
    unset($ts);

Thank you.