ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-07 15:36:20 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

services: ntp: Fix KOD warning.

Browse source 
Otherwise the following messages would be printed by ntpd:

Sep  2 05:18:21 localhost ntpd[15849]: restrict default: KOD does nothing without LIMITE.
Sep  2 05:18:21 localhost ntpd[15849]: restrict ::: KOD does nothing without LIMITED.

Debian uses the same set of "restrict" keywords (see:
https://sources.debian.org/src/ntp/1:4.2.8p13+dfsg-2/debian/ntp.conf).

* gnu/services/networking.scm (ntp-shepherd-service): Add the 'limited'
keyword to both the IPv4 and IPv6 'restrict' directives.
This commit is contained in:
Maxim Cournoyer 2019-09-03 10:05:06 +09:00
parent 08b4a10fa6
commit d4de2f9ea4
No known key found for this signature in database
GPG key ID: 1260E46482E63562
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
gnu/services/networking.scm
View file

@ -330,8 +330,8 @@ (define config
"
# Disable status queries as a workaround for CVE-2013-5211:
# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict default kod nomodify notrap nopeer noquery limited
restrict -6 default kod nomodify notrap nopeer noquery limited
# Yet, allow use of the local 'ntpq'.
restrict 127.0.0.1