svn commit: r335595 - head/etc

Ian Lepore ian at freebsd.org
Sun Jun 24 14:15:33 UTC 2018 

On Sat, 2018-06-23 at 21:24 -0700, Xin LI wrote:
> Oh thanks for that.  Is there a plan to MFC?

Yes, I plan to mfc to 10 and 11 after a short while.

-- Ian

> On Sat, Jun 23, 2018 at 8:29 PM Ian Lepore <ian at freebsd.org> wrote:
> > 
> > 
> > Author: ian
> > Date: Sun Jun 24 03:29:00 2018
> > New Revision: 335595
> > URL: https://svnweb.freebsd.org/changeset/base/335595
> > 
> > Log:
> >   Modernize usage of "restrict" keyword in ntp.conf
> > 
> >   It is no longer necessary to specify a -4/-6 flag on any ntp.conf
> >   keyword.  The address type is inferred from the address itself as
> >   necessary.  "restrict default" statements always apply to both
> > address
> >   families regardless of any -4/-6 flag that may be present.
> > 
> >   So this change just tidies up our default config by removing the
> > redundant
> >   restrict -6 statement and comment, and by removing the -6 flag
> > from the
> >   restrict keyword that allows access from localhost.
> > 
> >   This change was inspired by the patches provided in PRs 201803
> > and 210245,
> >   and included some contrib/ntp code inspection to verify that the
> > -4/-6
> >   keywords are basically no-ops in all contexts now.
> > 
> >   PR:           201803 210245
> >   Differential Revision:        https://reviews.freebsd.org/D15974
> > 
> > Modified:
> >   head/etc/ntp.conf
> > 
> > Modified: head/etc/ntp.conf
> > ===================================================================
> > ===========
> > --- head/etc/ntp.conf   Sat Jun 23 23:44:36 2018        (r335594)
> > +++ head/etc/ntp.conf   Sun Jun 24 03:29:00 2018        (r335595)
> > @@ -62,15 +62,13 @@ pool 0.freebsd.pool.ntp.org iburst
> >  # See http://support.ntp.org/bin/view/Support/AccessRestrictions
> >  # for more information.
> >  #
> > -restrict    default limited kod nomodify notrap noquery nopeer
> > -restrict -6 default limited kod nomodify notrap noquery nopeer
> > -restrict    source  limited kod nomodify notrap noquery
> > +restrict default limited kod nomodify notrap noquery nopeer
> > +restrict source  limited kod nomodify notrap noquery
> > 
> >  #
> >  # Alternatively, the following rules would block all unauthorized
> > access.
> >  #
> >  #restrict default ignore
> > -#restrict -6 default ignore
> >  #
> >  # In this case, all remote NTP time servers also need to be
> > explicitly
> >  # allowed or they would not be able to exchange time information
> > with
> > @@ -85,7 +83,7 @@ restrict    source  limited kod nomodify notrap
> > noquer
> >  #
> >  # The following settings allow unrestricted access from the
> > localhost
> >  restrict 127.0.0.1
> > -restrict -6 ::1
> > +restrict ::1
> > 
> >  #
> >  # If a server loses sync with all upstream servers, NTP clients
> >

More information about the svn-src-head mailing list