svn commit: r335595 - head/etc
Ian Lepore
ian at freebsd.org
Sun Jun 24 14:15:33 UTC 2018
On Sat, 2018-06-23 at 21:24 -0700, Xin LI wrote:
> Oh thanks for that. Is there a plan to MFC?
Yes, I plan to mfc to 10 and 11 after a short while.
-- Ian
> On Sat, Jun 23, 2018 at 8:29 PM Ian Lepore <ian at freebsd.org> wrote:
> >
> >
> > Author: ian
> > Date: Sun Jun 24 03:29:00 2018
> > New Revision: 335595
> > URL: https://svnweb.freebsd.org/changeset/base/335595
> >
> > Log:
> > Modernize usage of "restrict" keyword in ntp.conf
> >
> > It is no longer necessary to specify a -4/-6 flag on any ntp.conf
> > keyword. The address type is inferred from the address itself as
> > necessary. "restrict default" statements always apply to both
> > address
> > families regardless of any -4/-6 flag that may be present.
> >
> > So this change just tidies up our default config by removing the
> > redundant
> > restrict -6 statement and comment, and by removing the -6 flag
> > from the
> > restrict keyword that allows access from localhost.
> >
> > This change was inspired by the patches provided in PRs 201803
> > and 210245,
> > and included some contrib/ntp code inspection to verify that the
> > -4/-6
> > keywords are basically no-ops in all contexts now.
> >
> > PR: 201803 210245
> > Differential Revision: https://reviews.freebsd.org/D15974
> >
> > Modified:
> > head/etc/ntp.conf
> >
> > Modified: head/etc/ntp.conf
> > ===================================================================
> > ===========
> > --- head/etc/ntp.conf Sat Jun 23 23:44:36 2018 (r335594)
> > +++ head/etc/ntp.conf Sun Jun 24 03:29:00 2018 (r335595)
> > @@ -62,15 +62,13 @@ pool 0.freebsd.pool.ntp.org iburst
> > # See http://support.ntp.org/bin/view/Support/AccessRestrictions
> > # for more information.
> > #
> > -restrict default limited kod nomodify notrap noquery nopeer
> > -restrict -6 default limited kod nomodify notrap noquery nopeer
> > -restrict source limited kod nomodify notrap noquery
> > +restrict default limited kod nomodify notrap noquery nopeer
> > +restrict source limited kod nomodify notrap noquery
> >
> > #
> > # Alternatively, the following rules would block all unauthorized
> > access.
> > #
> > #restrict default ignore
> > -#restrict -6 default ignore
> > #
> > # In this case, all remote NTP time servers also need to be
> > explicitly
> > # allowed or they would not be able to exchange time information
> > with
> > @@ -85,7 +83,7 @@ restrict source limited kod nomodify notrap
> > noquer
> > #
> > # The following settings allow unrestricted access from the
> > localhost
> > restrict 127.0.0.1
> > -restrict -6 ::1
> > +restrict ::1
> >
> > #
> > # If a server loses sync with all upstream servers, NTP clients
> >
More information about the svn-src-head
mailing list