Gentoo Archives: gentoo-commits

From: "Robin H. Johnson (robbat2)" <robbat2@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-misc/ntp/files: ntp.conf
Date: Wed, 01 Jan 2014 23:59:58
Message-Id: 20140101235955.C4AF82004B@flycatcher.gentoo.org
1 robbat2 14/01/01 23:59:55
2
3 Modified: ntp.conf
4 Log:
5 Secure default configuration (approved by NTP upstream per IRC): by default deny all non-time queries so that monlist-based NTP reflection attacks are blocked; Rate-limit queries and issue KoD for limit-exceeded; Ensure IPv6 localhost is allowed as it is used by default.
6
7 (Portage version: 2.2.7/cvs/Linux x86_64, unsigned Manifest commit)
8
9 Revision Changes Path
10 1.20 net-misc/ntp/files/ntp.conf
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/files/ntp.conf?rev=1.20&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/files/ntp.conf?rev=1.20&content-type=text/plain
14 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/files/ntp.conf?r1=1.19&r2=1.20
15
16 Index: ntp.conf
17 ===================================================================
18 RCS file: /var/cvsroot/gentoo-x86/net-misc/ntp/files/ntp.conf,v
19 retrieving revision 1.19
20 retrieving revision 1.20
21 diff -p -w -b -B -u -u -r1.19 -r1.20
22 --- ntp.conf 20 Jun 2009 12:05:58 -0000 1.19
23 +++ ntp.conf 1 Jan 2014 23:59:55 -0000 1.20
24 @@ -38,10 +38,12 @@ driftfile /var/lib/ntp/ntp.drift
25 #restrict default ignore
26
27
28 -# To deny other machines from changing the
29 -# configuration but allow localhost:
30 -restrict default nomodify nopeer
31 +# Default configuration:
32 +# - Allow only time queries, at a limited rate, sending KoD when in excess.
33 +# - Allow all local queries (IPv4, IPv6)
34 +restrict default nomodify nopeer noquery limited kod
35 restrict 127.0.0.1
36 +restrict [::1]
37
38
39 # To allow machines within your network to synchronize
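
Review bot: The new comment above "restrict default nomodify nopeer noquery limited kod" promises "at a limited rate" but nothing in the hunk says what the rate is or where to change it. The "limited" and "kod" flags act on the thresholds set by ntpd's "discard" command, so a commented-out "discard" line, or a pointer to it in the comment, would tell admins where to tune. The comment also does not mention that "noquery" on the default entry shuts out ntpq/ntpdc from every host except the localhost entries below it, which will surprise anyone monitoring from another machine; a line saying so, with a hint to add a per-subnet "restrict" entry, would help. Since this change brings IPv6 into scope with "restrict [::1]", it is also worth confirming that "restrict default" covers IPv6 clients on every ntpd version this file ships with, and adding a matching "restrict -6 default" line with the same flags if it does not.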