Date: Sun, 24 Jun 2018 08:15:24 -0600 From: Ian Lepore <ian@freebsd.org> To: Xin LI <delphij@gmail.com> Cc: "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r335595 - head/etc Message-ID: <1529849724.24573.59.camel@freebsd.org> In-Reply-To: <CAGMYy3uwTnK_RC-HrJ1yX_3G94huR84FAmNNzg_sy5qd-FP6bg@mail.gmail.com> References: <201806240329.w5O3T0kq033162@repo.freebsd.org> <CAGMYy3uwTnK_RC-HrJ1yX_3G94huR84FAmNNzg_sy5qd-FP6bg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 2018-06-23 at 21:24 -0700, Xin LI wrote: > Oh thanks for that. Is there a plan to MFC? Yes, I plan to mfc to 10 and 11 after a short while. -- Ian > On Sat, Jun 23, 2018 at 8:29 PM Ian Lepore <ian@freebsd.org> wrote: > > > > > > Author: ian > > Date: Sun Jun 24 03:29:00 2018 > > New Revision: 335595 > > URL: https://svnweb.freebsd.org/changeset/base/335595 > > > > Log: > > Modernize usage of "restrict" keyword in ntp.conf > > > > It is no longer necessary to specify a -4/-6 flag on any ntp.conf > > keyword. The address type is inferred from the address itself as > > necessary. "restrict default" statements always apply to both > > address > > families regardless of any -4/-6 flag that may be present. > > > > So this change just tidies up our default config by removing the > > redundant > > restrict -6 statement and comment, and by removing the -6 flag > > from the > > restrict keyword that allows access from localhost. > > > > This change was inspired by the patches provided in PRs 201803 > > and 210245, > > and included some contrib/ntp code inspection to verify that the > > -4/-6 > > keywords are basically no-ops in all contexts now. > > > > PR: 201803 210245 > > Differential Revision: https://reviews.freebsd.org/D15974 > > > > Modified: > > head/etc/ntp.conf > > > > Modified: head/etc/ntp.conf > > =================================================================== > > =========== > > --- head/etc/ntp.conf Sat Jun 23 23:44:36 2018 (r335594) > > +++ head/etc/ntp.conf Sun Jun 24 03:29:00 2018 (r335595) > > @@ -62,15 +62,13 @@ pool 0.freebsd.pool.ntp.org iburst > > # See http://support.ntp.org/bin/view/Support/AccessRestrictions > > # for more information. > > # > > -restrict default limited kod nomodify notrap noquery nopeer > > -restrict -6 default limited kod nomodify notrap noquery nopeer > > -restrict source limited kod nomodify notrap noquery > > +restrict default limited kod nomodify notrap noquery nopeer > > +restrict source limited kod nomodify notrap noquery > > > > # > > # Alternatively, the following rules would block all unauthorized > > access. > > # > > #restrict default ignore > > -#restrict -6 default ignore > > # > > # In this case, all remote NTP time servers also need to be > > explicitly > > # allowed or they would not be able to exchange time information > > with > > @@ -85,7 +83,7 @@ restrict source limited kod nomodify notrap > > noquer > > # > > # The following settings allow unrestricted access from the > > localhost > > restrict 127.0.0.1 > > -restrict -6 ::1 > > +restrict ::1 > > > > # > > # If a server loses sync with all upstream servers, NTP clients > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1529849724.24573.59.camel>