author: Alex Harpin <development@landsofshadow.co.uk> 2015-02-26 22:50:05 +0000
committer: Alex Harpin <development@landsofshadow.co.uk> 2015-02-26 22:50:05 +0000
commit: b9e07101d6347c0359fc68eac62e049acdfdbb78
tree: 1829823bf808c85df9d3eae49d910f5f55ff3196 /sysconf
parent: 2bea0c31e1469bc5ac1b20fdb16598b6e0d11699
vyatta-cfg-system: redesign the layout and updating of ntp

When NTP is configured on the system, it not only acts as a client for the configured servers, but also as a server. Although the server is only available as a time source, it still represents a service that the user hasn't specifically enabled.

This commit sets the default configuration of NTP to disallow all external access, so the system acts purely as a client by default, and also introduces the ability to configure which addresses / subnets are allowed to both query and use it as a time source.

If the servers configured are specified as host names, these are resolved to IP addresses before being added to ntp.conf, with the same process carried out after name server changes.

syntax 'set system ntp client address'

Bug #94 http://bugzilla.vyos.net/show_bug.cgi?id=94
Diffstat (limited to 'sysconf')
-rw-r--r-- sysconf/ntp.conf 22
1 files changed, 11 insertions, 11 deletions
diff --git a/sysconf/ntp.conf b/sysconf/ntp.conf
index 248cdc2d..855d5097 100644
--- a/sysconf/ntp.conf
+++ b/sysconf/ntp.conf
@@ -4,21 +4,21 @@
# configuration subsystem. Please do not manually edit it.
#
# The first section of this file consists of static parameters
-# that can not be changed via the Vyatta configuration subsystem.
+# (that can not be changed via the VyOS CLI) and default values
+# that prevent ntpd being queried (client only mode).
#
driftfile /var/lib/ntp/ntp.drift
-# By default, exchange time with everybody, but don't allow configuration.
-restrict -4 default kod notrap nomodify nopeer noquery
-restrict -6 default kod notrap nomodify nopeer noquery
+# By default, only allow ntpd to query time sources, ignore any
+# incoming requests.
-# Local users may interrogate the ntp server more closely.
-restrict 127.0.0.1
-restrict ::1
+restrict default ignore
+restrict -6 default ignore
-#
-# The remainder of this file is for parameters that are set up via
-# the Vyatta configuration subsystem.
-#
+# Local users have unrestricted access, allowing reconfiguration
+# via ntpdc
+restrict 127.0.0.1
+restrict -6 ::1
+# VyOS CLI configuration options
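Review bot: `restrict default ignore` and `restrict -6 default ignore` drop every packet that has no more specific restrict entry, and that includes the replies from the configured upstream servers, so the new comment "only allow ntpd to query time sources, ignore any incoming requests" overstates what these two lines do on their own. The comment should say that each server address needs its own restrict line in the generated section under "# VyOS CLI configuration options"; the commit message's step of resolving host names to IP addresses suggests that is the intent, but nothing in this file states it. A smaller style point: the IPv4 default lost the explicit `-4` that the removed line had while the IPv6 line keeps `-6`, and the loopback pair is similarly mixed (`restrict 127.0.0.1` next to `restrict -6 ::1`), so pick one convention for both address families.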