Page MenuHomeVyOS Platform
Create Task
Maniphest T1694

NTPd: Do not listen on all interfaces by default
Closed, ResolvedPublic
Actions

Description

NTPd should not listen on all interfaces by default, e.g. if the directive

set system ntp listen-address (IPv4|IPv6)

is not set. We should move the NTPd option interface ignore wildcard to the Non-configurable defaults section of ntp.py

--- src/conf_mode/ntp.py          2019-09-27 10:29:35.194814255 +0200
+++ src/conf_mode/ntp.py.new      2019-09-27 10:31:03.488701365 +0200
@@ -41,6 +41,8 @@
 restrict 127.0.0.1
 restrict -6 ::1

+# Do not listen on any interface address by default
+interface ignore wildcard

 #
 # Configurable section
@@ -63,8 +65,6 @@
 {% endif %}

 {% if listen_address -%}
-# NTP should listen on configured addresses only
-interface ignore wildcard
 {% for a in listen_address -%}
 interface listen {{ a }}
 {% endfor -%}

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change

Related Objects