Date: Tue, 23 Dec 2014 09:37:40 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Joe Malcolm <jmalcolm@uraeus.com> Cc: freebsd-security@freebsd.org, Winfried Neessen <neessen@cleverbridge.com>, Robert Simmons <rsimmons0@gmail.com> Subject: Re: ntpd vulnerabilities Message-ID: <86sig6yd63.fsf@nine.des.no> In-Reply-To: <21656.46224.764659.252388@neoshoggoth.uraeus.com> (Joe Malcolm's message of "Tue, 23 Dec 2014 00:17:20 %2B0000") References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> <86a92fzmls.fsf@nine.des.no> <CA%2BQLa9Du5dZbF-FzEX6Z5cA4m=rTo%2BZiEgzuKN5f8xquVExwXg@mail.gmail.com> <21656.46224.764659.252388@neoshoggoth.uraeus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Malcolm <jmalcolm@uraeus.com> writes: > I'm no expert on ntp.conf, but this appears in my ntp.conf on one of > my FreeBSD systems: > > restrict default kod nomodify notrap nopeer noquery > restrict -6 default kod nomodify notrap nopeer noquery > > However, it also has these: > > restrict 127.0.0.1 > restrict -6 ::1 > restrict 127.127.1.0 These work on a "last match" basis. The latter three lines lift all restrictions for localhost, so you can still "ntpq -pn" your own server, but nobody else can. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86sig6yd63.fsf>