From 585042dba9d70d98da05158e7f2d94309a80e789 Mon Sep 17 00:00:00 2001 From: Viacheslav Date: Sat, 15 Jan 2022 15:33:06 +0000 Subject: ntp: T4184: Fix allow-clients address NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address (cherry picked from commit 40f0e78dd94691d54ffd4d2e270ed071e2d2513a) --- data/templates/ntp/ntpd.conf.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl index 38e68f24f..e7afcc16b 100644 --- a/data/templates/ntp/ntpd.conf.tmpl +++ b/data/templates/ntp/ntpd.conf.tmpl @@ -27,6 +27,7 @@ restrict -6 ::1 {% if allow_clients is defined and allow_clients.address is defined %} # Allowed clients configuration +restrict default ignore {% for address in allow_clients.address %} restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer {% endfor %} -- cgit v1.2.3