authorhagbard <vyosdev@derith.de>2019-03-07 12:14:37 -0800
committerhagbard <vyosdev@derith.de>2019-03-07 12:14:37 -0800
commitad22cbd46f8036b59163cb88914a7a5e4c4dad4d (patch)
tree537c4b47deb7b10b0cbe56dc91a734b7cff71ce0 /src
parent5f7ff72ea44f3d5b53c8debf947e5c05f4a34aa8 (diff)
[ntp] T1280 - restrict option for servers, so they can query upstream
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/ntp.py3
-rw-r--r--src/tests/test_ntp.py75
2 files changed, 41 insertions, 37 deletions
diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py
index 37af02014..bdc8e574c 100755
--- a/src/conf_mode/ntp.py
+++ b/src/conf_mode/ntp.py
@@ -42,7 +42,6 @@ restrict default noquery nopeer notrap nomodify noquery notrust
restrict 127.0.0.1
restrict -6 ::1
-
#
# Configurable section
#
@@ -51,6 +50,8 @@ restrict -6 ::1
{% for s in servers -%}
# Server configuration for: {{ s.name }}
server {{ s.name }} iburst {{ s.options | join(" ") }}
+# allow server sync
+restrict {{ s.name }} nomodify notrap
{% endfor -%}
{% endif %}
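Review bot: The added `restrict {{ s.name }} nomodify notrap` line replaces the default flags for each upstream address rather than adding to them, so `noquery` from the default line no longer applies and the upstream host, or traffic carrying its source address, gets answers to ntpq/ntpdc control queries. Only `notrust` has to be dropped for the server's replies to be accepted, and `noquery` does not affect time service, so I would write `restrict {{ s.name }} nomodify notrap noquery`. Because `s.name` can be a hostname, the restrict entry is presumably resolved separately from the `server` line, and with round-robin DNS the two may not end up on the same address; this is worth confirming against a pool name. The expected text in src/tests/test_ntp.py would need the same flag on both `restrict` lines. The `{% if %}` that this loop sits in opens outside the hunk.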
diff --git a/src/tests/test_ntp.py b/src/tests/test_ntp.py
index c1a7f768d..be47c0432 100644
--- a/src/tests/test_ntp.py
+++ b/src/tests/test_ntp.py
@@ -191,42 +191,45 @@ class TestNtp(TestCase):
]
},
'expected': textwrap.dedent('''
- ### Autogenerated by ntp.py ###
-
- #
- # Non-configurable defaults
- #
- driftfile /var/lib/ntp/ntp.drift
- # By default, only allow ntpd to query time sources, ignore any incoming requests
- restrict default noquery nopeer notrap nomodify noquery notrust
- # Local users have unrestricted access, allowing reconfiguration via ntpdc
- restrict 127.0.0.1
- restrict -6 ::1
-
-
- #
- # Configurable section
- #
-
- # Server configuration for: 1.example.com
- server 1.example.com iburst noselect preempt prefer
-
- # Server configuration for: 2.example.com
- server 2.example.com iburst
-
-
-
- # Client configuration for network: 192.0.2.0/24
- restrict 192.0.2.1 mask 255.255.255.0 nomodify notrap nopeer
-
- # Client configuration for network: 198.51.100.0/24
- restrict 198.51.100.1 mask 255.255.255.0 nomodify notrap nopeer
-
-
-
- # NTP should listen on configured addresses only
- interface ignore wildcard
- interface listen 198.51.100.0/24
+ ### Autogenerated by ntp.py ###
+
+ #
+ # Non-configurable defaults
+ #
+ driftfile /var/lib/ntp/ntp.drift
+ # By default, only allow ntpd to query time sources, ignore any incoming requests
+ restrict default noquery nopeer notrap nomodify noquery notrust
+ # Local users have unrestricted access, allowing reconfiguration via ntpdc
+ restrict 127.0.0.1
+ restrict -6 ::1
+
+ #
+ # Configurable section
+ #
+
+ # Server configuration for: 1.example.com
+ server 1.example.com iburst noselect preempt prefer
+ # allow server sync
+ restrict 1.example.com nomodify notrap
+
+ # Server configuration for: 2.example.com
+ server 2.example.com iburst
+ # allow server sync
+ restrict 2.example.com nomodify notrap
+
+
+
+ # Client configuration for network: 192.0.2.0/24
+ restrict 192.0.2.1 mask 255.255.255.0 nomodify notrap nopeer
+
+ # Client configuration for network: 198.51.100.0/24
+ restrict 198.51.100.1 mask 255.255.255.0 nomodify notrap nopeer
+
+
+
+ # NTP should listen on configured addresses only
+ interface ignore wildcard
+ interface listen 198.51.100.0/24
'''),
},