summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorViacheslav <v.gletenko@vyos.io>2022-01-15 15:33:06 +0000
committerViacheslav <v.gletenko@vyos.io>2022-01-15 15:33:06 +0000
commit40f0e78dd94691d54ffd4d2e270ed071e2d2513a (patch)
treecade590ba95200afe5a955cb67b6fed7aa3d1a67
parent3b4ece7dde02629bbbe8314ed7a68d197cb7136a (diff)
downloadvyos-1x-40f0e78dd94691d54ffd4d2e270ed071e2d2513a.tar.gz
vyos-1x-40f0e78dd94691d54ffd4d2e270ed071e2d2513a.zip
ntp: T4184: Fix allow-clients address
NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address
-rw-r--r--data/templates/ntp/ntpd.conf.tmpl1
1 files changed, 1 insertions, 0 deletions
diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl
index 38e68f24f..e7afcc16b 100644
--- a/data/templates/ntp/ntpd.conf.tmpl
+++ b/data/templates/ntp/ntpd.conf.tmpl
@@ -27,6 +27,7 @@ restrict -6 ::1
{% if allow_clients is defined and allow_clients.address is defined %}
# Allowed clients configuration
+restrict default ignore
{% for address in allow_clients.address %}
restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer
{% endfor %}