diff options
| author | Viacheslav <v.gletenko@vyos.io> | 2022-01-15 15:33:06 +0000 |
|---|---|---|
| committer | Viacheslav <v.gletenko@vyos.io> | 2022-01-15 15:33:06 +0000 |
| commit | 40f0e78dd94691d54ffd4d2e270ed071e2d2513a (patch) | |
| tree | cade590ba95200afe5a955cb67b6fed7aa3d1a67 | |
| parent | 3b4ece7dde02629bbbe8314ed7a68d197cb7136a (diff) | |
| download | vyos-1x-40f0e78dd94691d54ffd4d2e270ed071e2d2513a.tar.gz vyos-1x-40f0e78dd94691d54ffd4d2e270ed071e2d2513a.zip | |
ntp: T4184: Fix allow-clients address
NTP-server with option "allow-clients address x.x.x.x" should
accept requests only from clients addresses which declared in
configuration if this option exists
Add "restrict default ignore" to fix it, in another case it
responce to any address
| -rw-r--r-- | data/templates/ntp/ntpd.conf.tmpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl index 38e68f24f..e7afcc16b 100644 --- a/data/templates/ntp/ntpd.conf.tmpl +++ b/data/templates/ntp/ntpd.conf.tmpl @@ -27,6 +27,7 @@ restrict -6 ::1 {% if allow_clients is defined and allow_clients.address is defined %} # Allowed clients configuration +restrict default ignore {% for address in allow_clients.address %} restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer {% endfor %} |