From: | "Robin H. Johnson (robbat2)" <robbat2@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo-x86 commit in net-misc/ntp/files: ntp.conf |
Date: | Wed, 01 Jan 2014 23:59:58 |
Message-Id: | 20140101235955.C4AF82004B@flycatcher.gentoo.org |
1 | robbat2 14/01/01 23:59:55 |
2 | |
3 | Modified: ntp.conf |
4 | Log: |
5 | Secure default configuration (approved by NTP upstream per IRC): by default deny all non-time queries so that monlist-based NTP reflection attacks are blocked; Rate-limit queries and issue KoD for limit-exceeded; Ensure IPv6 localhost is allowed as it is used by default. |
6 | |
7 | (Portage version: 2.2.7/cvs/Linux x86_64, unsigned Manifest commit) |
8 | |
9 | Revision Changes Path |
10 | 1.20 net-misc/ntp/files/ntp.conf |
11 | |
12 | file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/files/ntp.conf?rev=1.20&view=markup |
13 | plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/files/ntp.conf?rev=1.20&content-type=text/plain |
14 | diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/files/ntp.conf?r1=1.19&r2=1.20 |
15 | |
16 | Index: ntp.conf |
17 | =================================================================== |
18 | RCS file: /var/cvsroot/gentoo-x86/net-misc/ntp/files/ntp.conf,v |
19 | retrieving revision 1.19 |
20 | retrieving revision 1.20 |
21 | diff -p -w -b -B -u -u -r1.19 -r1.20 |
22 | --- ntp.conf 20 Jun 2009 12:05:58 -0000 1.19 |
23 | +++ ntp.conf 1 Jan 2014 23:59:55 -0000 1.20 |
24 | @@ -38,10 +38,12 @@ driftfile /var/lib/ntp/ntp.drift |
25 | #restrict default ignore |
26 | |
27 | |
28 | -# To deny other machines from changing the |
29 | -# configuration but allow localhost: |
30 | -restrict default nomodify nopeer |
31 | +# Default configuration: |
32 | +# - Allow only time queries, at a limited rate, sending KoD when in excess. |
33 | +# - Allow all local queries (IPv4, IPv6) |
34 | +restrict default nomodify nopeer noquery limited kod |
35 | restrict 127.0.0.1 |
36 | +restrict [::1] |
37 | |
38 | |
39 | # To allow machines within your network to synchronize |
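Review bot: the new comment block above `restrict default nomodify nopeer noquery limited kod` drops the old explanation that other machines may not change the configuration, and it does not say that `noquery` also refuses ntpq/ntpdc status queries from every non-local address, which will surprise anyone who monitors this daemon remotely. Suggest adding a comment line such as `# - Deny remote ntpq/ntpdc queries and configuration changes`, and stating that the flagless `restrict 127.0.0.1` and `restrict [::1]` entries are what leave localhost unrestricted. It is also worth confirming that the bracketed `[::1]` form parses on every ntp version this file ships with, since the commit message relies on IPv6 localhost being allowed.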