svn commit: r335595 - head/etc

Xin LI delphij at gmail.com
Sun Jun 24 04:24:39 UTC 2018 

Oh thanks for that.  Is there a plan to MFC?
On Sat, Jun 23, 2018 at 8:29 PM Ian Lepore <ian at freebsd.org> wrote:
>
> Author: ian
> Date: Sun Jun 24 03:29:00 2018
> New Revision: 335595
> URL: https://svnweb.freebsd.org/changeset/base/335595
>
> Log:
>   Modernize usage of "restrict" keyword in ntp.conf
>
>   It is no longer necessary to specify a -4/-6 flag on any ntp.conf
>   keyword.  The address type is inferred from the address itself as
>   necessary.  "restrict default" statements always apply to both address
>   families regardless of any -4/-6 flag that may be present.
>
>   So this change just tidies up our default config by removing the redundant
>   restrict -6 statement and comment, and by removing the -6 flag from the
>   restrict keyword that allows access from localhost.
>
>   This change was inspired by the patches provided in PRs 201803 and 210245,
>   and included some contrib/ntp code inspection to verify that the -4/-6
>   keywords are basically no-ops in all contexts now.
>
>   PR:           201803 210245
>   Differential Revision:        https://reviews.freebsd.org/D15974
>
> Modified:
>   head/etc/ntp.conf
>
> Modified: head/etc/ntp.conf
> ==============================================================================
> --- head/etc/ntp.conf   Sat Jun 23 23:44:36 2018        (r335594)
> +++ head/etc/ntp.conf   Sun Jun 24 03:29:00 2018        (r335595)
> @@ -62,15 +62,13 @@ pool 0.freebsd.pool.ntp.org iburst
>  # See http://support.ntp.org/bin/view/Support/AccessRestrictions
>  # for more information.
>  #
> -restrict    default limited kod nomodify notrap noquery nopeer
> -restrict -6 default limited kod nomodify notrap noquery nopeer
> -restrict    source  limited kod nomodify notrap noquery
> +restrict default limited kod nomodify notrap noquery nopeer
> +restrict source  limited kod nomodify notrap noquery
>
>  #
>  # Alternatively, the following rules would block all unauthorized access.
>  #
>  #restrict default ignore
> -#restrict -6 default ignore
>  #
>  # In this case, all remote NTP time servers also need to be explicitly
>  # allowed or they would not be able to exchange time information with
> @@ -85,7 +83,7 @@ restrict    source  limited kod nomodify notrap noquer
>  #
>  # The following settings allow unrestricted access from the localhost
>  restrict 127.0.0.1
> -restrict -6 ::1
> +restrict ::1
>
>  #
>  # If a server loses sync with all upstream servers, NTP clients
>

More information about the svn-src-head mailing list