From owner-svn-src-head@freebsd.org Sun Jun 24 14:15:33 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72BC3100139C for ; Sun, 24 Jun 2018 14:15:33 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from pmta2.delivery6.ore.mailhop.org (pmta2.delivery6.ore.mailhop.org [54.200.129.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EE2F28B5F6 for ; Sun, 24 Jun 2018 14:15:32 +0000 (UTC) (envelope-from ian@freebsd.org) X-MHO-RoutePath: aGlwcGll X-MHO-User: 09956ac5-77b9-11e8-b829-b3adae557cda X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 67.177.211.60 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (unknown [67.177.211.60]) by outbound2.ore.mailhop.org (Halon) with ESMTPSA id 09956ac5-77b9-11e8-b829-b3adae557cda; Sun, 24 Jun 2018 14:15:25 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.15.2) with ESMTP id w5OEFOBl093214; Sun, 24 Jun 2018 08:15:24 -0600 (MDT) (envelope-from ian@freebsd.org) Message-ID: <1529849724.24573.59.camel@freebsd.org> Subject: Re: svn commit: r335595 - head/etc From: Ian Lepore To: Xin LI Cc: "src-committers@freebsd.org" , "svn-src-all@freebsd.org" , "svn-src-head@freebsd.org" Date: Sun, 24 Jun 2018 08:15:24 -0600 In-Reply-To: References: <201806240329.w5O3T0kq033162@repo.freebsd.org> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.18.5.1 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2018 14:15:33 -0000 On Sat, 2018-06-23 at 21:24 -0700, Xin LI wrote: > Oh thanks for that.  Is there a plan to MFC? Yes, I plan to mfc to 10 and 11 after a short while. -- Ian > On Sat, Jun 23, 2018 at 8:29 PM Ian Lepore wrote: > > > > > > Author: ian > > Date: Sun Jun 24 03:29:00 2018 > > New Revision: 335595 > > URL: https://svnweb.freebsd.org/changeset/base/335595 > > > > Log: > >   Modernize usage of "restrict" keyword in ntp.conf > > > >   It is no longer necessary to specify a -4/-6 flag on any ntp.conf > >   keyword.  The address type is inferred from the address itself as > >   necessary.  "restrict default" statements always apply to both > > address > >   families regardless of any -4/-6 flag that may be present. > > > >   So this change just tidies up our default config by removing the > > redundant > >   restrict -6 statement and comment, and by removing the -6 flag > > from the > >   restrict keyword that allows access from localhost. > > > >   This change was inspired by the patches provided in PRs 201803 > > and 210245, > >   and included some contrib/ntp code inspection to verify that the > > -4/-6 > >   keywords are basically no-ops in all contexts now. > > > >   PR:           201803 210245 > >   Differential Revision:        https://reviews.freebsd.org/D15974 > > > > Modified: > >   head/etc/ntp.conf > > > > Modified: head/etc/ntp.conf > > =================================================================== > > =========== > > --- head/etc/ntp.conf   Sat Jun 23 23:44:36 2018        (r335594) > > +++ head/etc/ntp.conf   Sun Jun 24 03:29:00 2018        (r335595) > > @@ -62,15 +62,13 @@ pool 0.freebsd.pool.ntp.org iburst > >  # See http://support.ntp.org/bin/view/Support/AccessRestrictions > >  # for more information. > >  # > > -restrict    default limited kod nomodify notrap noquery nopeer > > -restrict -6 default limited kod nomodify notrap noquery nopeer > > -restrict    source  limited kod nomodify notrap noquery > > +restrict default limited kod nomodify notrap noquery nopeer > > +restrict source  limited kod nomodify notrap noquery > > > >  # > >  # Alternatively, the following rules would block all unauthorized > > access. > >  # > >  #restrict default ignore > > -#restrict -6 default ignore > >  # > >  # In this case, all remote NTP time servers also need to be > > explicitly > >  # allowed or they would not be able to exchange time information > > with > > @@ -85,7 +83,7 @@ restrict    source  limited kod nomodify notrap > > noquer > >  # > >  # The following settings allow unrestricted access from the > > localhost > >  restrict 127.0.0.1 > > -restrict -6 ::1 > > +restrict ::1 > > > >  # > >  # If a server loses sync with all upstream servers, NTP clients > >