Date: Sat, 23 Jun 2018 21:24:25 -0700 From: Xin LI <delphij@gmail.com> To: Ian Lepore <ian@freebsd.org> Cc: "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r335595 - head/etc Message-ID: <CAGMYy3uwTnK_RC-HrJ1yX_3G94huR84FAmNNzg_sy5qd-FP6bg@mail.gmail.com> In-Reply-To: <201806240329.w5O3T0kq033162@repo.freebsd.org> References: <201806240329.w5O3T0kq033162@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh thanks for that. Is there a plan to MFC? On Sat, Jun 23, 2018 at 8:29 PM Ian Lepore <ian@freebsd.org> wrote: > > Author: ian > Date: Sun Jun 24 03:29:00 2018 > New Revision: 335595 > URL: https://svnweb.freebsd.org/changeset/base/335595 > > Log: > Modernize usage of "restrict" keyword in ntp.conf > > It is no longer necessary to specify a -4/-6 flag on any ntp.conf > keyword. The address type is inferred from the address itself as > necessary. "restrict default" statements always apply to both address > families regardless of any -4/-6 flag that may be present. > > So this change just tidies up our default config by removing the redundant > restrict -6 statement and comment, and by removing the -6 flag from the > restrict keyword that allows access from localhost. > > This change was inspired by the patches provided in PRs 201803 and 210245, > and included some contrib/ntp code inspection to verify that the -4/-6 > keywords are basically no-ops in all contexts now. > > PR: 201803 210245 > Differential Revision: https://reviews.freebsd.org/D15974 > > Modified: > head/etc/ntp.conf > > Modified: head/etc/ntp.conf > ============================================================================== > --- head/etc/ntp.conf Sat Jun 23 23:44:36 2018 (r335594) > +++ head/etc/ntp.conf Sun Jun 24 03:29:00 2018 (r335595) > @@ -62,15 +62,13 @@ pool 0.freebsd.pool.ntp.org iburst > # See http://support.ntp.org/bin/view/Support/AccessRestrictions > # for more information. > # > -restrict default limited kod nomodify notrap noquery nopeer > -restrict -6 default limited kod nomodify notrap noquery nopeer > -restrict source limited kod nomodify notrap noquery > +restrict default limited kod nomodify notrap noquery nopeer > +restrict source limited kod nomodify notrap noquery > > # > # Alternatively, the following rules would block all unauthorized access. > # > #restrict default ignore > -#restrict -6 default ignore > # > # In this case, all remote NTP time servers also need to be explicitly > # allowed or they would not be able to exchange time information with > @@ -85,7 +83,7 @@ restrict source limited kod nomodify notrap noquer > # > # The following settings allow unrestricted access from the localhost > restrict 127.0.0.1 > -restrict -6 ::1 > +restrict ::1 > > # > # If a server loses sync with all upstream servers, NTP clients >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGMYy3uwTnK_RC-HrJ1yX_3G94huR84FAmNNzg_sy5qd-FP6bg>