diff options
author | Viacheslav <v.gletenko@vyos.io> | 2022-01-15 15:33:06 +0000 |
---|---|---|
committer | Viacheslav <v.gletenko@vyos.io> | 2022-01-15 16:06:15 +0000 |
commit | 585042dba9d70d98da05158e7f2d94309a80e789 (patch) | |
tree | c5d39ff29fe52be391bf67c908512cda4770e861 /data | |
parent | b5b9685c37aa48a88bdd697e4c46e94d274a5d95 (diff) | |
download | vyos-1x-585042dba9d70d98da05158e7f2d94309a80e789.tar.gz vyos-1x-585042dba9d70d98da05158e7f2d94309a80e789.zip |
ntp: T4184: Fix allow-clients address
NTP-server with option "allow-clients address x.x.x.x" should
accept requests only from clients addresses which declared in
configuration if this option exists
Add "restrict default ignore" to fix it, in another case it
responce to any address
(cherry picked from commit 40f0e78dd94691d54ffd4d2e270ed071e2d2513a)
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/ntp/ntpd.conf.tmpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl index 38e68f24f..e7afcc16b 100644 --- a/data/templates/ntp/ntpd.conf.tmpl +++ b/data/templates/ntp/ntpd.conf.tmpl @@ -27,6 +27,7 @@ restrict -6 ::1 {% if allow_clients is defined and allow_clients.address is defined %} # Allowed clients configuration +restrict default ignore {% for address in allow_clients.address %} restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer {% endfor %} |