From 258c24ab9be8aa4ced8bfa1c19f134ec8bbfb1a0 Mon Sep 17 00:00:00 2001
From: Marcel Gisselmann <mg@affito.de>
Date: Fri, 27 Sep 2019 13:10:35 +0200
Subject: T1694 NTPd: Do not listen on all interfaces by default

---
 src/conf_mode/ntp.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py
index f706d502f..8f32e6e81 100755
--- a/src/conf_mode/ntp.py
+++ b/src/conf_mode/ntp.py
@@ -42,6 +42,8 @@ restrict default noquery nopeer notrap nomodify
 restrict 127.0.0.1
 restrict -6 ::1
 
+# Do not listen on any interface address by default
+interface ignore wildcard
 #
 # Configurable section
 #
@@ -63,7 +65,6 @@ restrict {{ n.address }} mask {{ n.netmask }} nomodify notrap nopeer
 
 {% if listen_address -%}
 # NTP should listen on configured addresses only
-interface ignore wildcard
 {% for a in listen_address -%}
 interface listen {{ a }}
 {% endfor -%}
-- 
cgit v1.2.3