svn commit: r335950 - stable/10/etc

Ian Lepore ian at FreeBSD.org
Wed Jul 4 14:10:37 UTC 2018 

Author: ian
Date: Wed Jul  4 14:10:36 2018
New Revision: 335950
URL: https://svnweb.freebsd.org/changeset/base/335950

Log:
  MFC r335595-r335596
  
  r335595:
  Modernize usage of "restrict" keyword in ntp.conf
  
  It is no longer necessary to specify a -4/-6 flag on any ntp.conf
  keyword.  The address type is inferred from the address itself as
  necessary.  "restrict default" statements always apply to both address
  families regardless of any -4/-6 flag that may be present.
  
  So this change just tidies up our default config by removing the redundant
  restrict -6 statement and comment, and by removing the -6 flag from the
  restrict keyword that allows access from localhost.
  
  This change was inspired by the patches provided in PRs 201803 and 210245,
  and included some contrib/ntp code inspection to verify that the -4/-6
  keywords are basically no-ops in all contexts now.
  
  PR:		201803 210245
  Differential Revision:	https://reviews.freebsd.org/D15974
  
  r335596:
  Fix a comment; the ntp leaplist file is updated periodically, but not weekly
  (it's only updated when a check shows it's within 30 days of expiring).
  
  PR:		207138

Modified:
  stable/10/etc/ntp.conf
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/etc/ntp.conf
==============================================================================
--- stable/10/etc/ntp.conf	Wed Jul  4 14:04:23 2018	(r335949)
+++ stable/10/etc/ntp.conf	Wed Jul  4 14:10:36 2018	(r335950)
@@ -62,15 +62,13 @@ pool 0.freebsd.pool.ntp.org iburst
 # See http://support.ntp.org/bin/view/Support/AccessRestrictions
 # for more information.
 #
-restrict    default limited kod nomodify notrap noquery nopeer
-restrict -6 default limited kod nomodify notrap noquery nopeer
-restrict    source  limited kod nomodify notrap noquery
+restrict default limited kod nomodify notrap noquery nopeer
+restrict source  limited kod nomodify notrap noquery
 
 #
 # Alternatively, the following rules would block all unauthorized access.
 #
 #restrict default ignore
-#restrict -6 default ignore
 #
 # In this case, all remote NTP time servers also need to be explicitly
 # allowed or they would not be able to exchange time information with
@@ -85,7 +83,7 @@ restrict    source  limited kod nomodify notrap noquer
 #
 # The following settings allow unrestricted access from the localhost
 restrict 127.0.0.1
-restrict -6 ::1
+restrict ::1
 
 #
 # If a server loses sync with all upstream servers, NTP clients
@@ -101,6 +99,6 @@ restrict -6 ::1
 # See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
 # for documentation regarding leapfile. Updates to the file can be obtained
 # from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
-# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db.
+# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.
 #leapfile "/etc/ntp/leap-seconds"
 leapfile "/var/db/ntpd.leap-seconds.list"

More information about the svn-src-all mailing list