ntpd: Added option to disable strict ACLs for isc-ntpd
This commit is contained in:
Ossi Salmi
parent
7a335ec644
commit
246816f417
2 changed files with 20 additions and 2 deletions
|
|
@ -3,13 +3,20 @@
|
|||
tinker panic 0
|
||||
|
||||
<% end -%>
|
||||
<% if @ntp_strict == "true" -%>
|
||||
# By default deny everything.
|
||||
restrict -4 default ignore
|
||||
restrict -6 default ignore
|
||||
<% else -%>
|
||||
# Permit time synchronization with our time source, but do not
|
||||
# permit the source to query or modify the service on this system.
|
||||
restrict -4 default nomodify notrap nopeer noquery
|
||||
restrict -6 default nomodify notrap nopeer noquery
|
||||
<% end -%>
|
||||
|
||||
# Local users may interrogate the ntp server more closely.
|
||||
restrict 127.0.0.1
|
||||
restrict ::1
|
||||
restrict 127.0.0.1 nomodify
|
||||
restrict ::1 nomodify
|
||||
|
||||
# Drift file.
|
||||
driftfile /var/lib/ntp/ntp.drift
|
||||
|
|
@ -17,7 +24,9 @@ driftfile /var/lib/ntp/ntp.drift
|
|||
# Remote servers.
|
||||
<% @ntp_server.each do |server| -%>
|
||||
server <%= server %>
|
||||
<% if @ntp_strict == "true" -%>
|
||||
restrict <%= server %> nomodify notrap nopeer noquery
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
<% if @is_virtual == "false" -%>
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue