Bug 17492 - /net-misc/ntp extended ntp.conf to include access restrictions
Bug#: 17492 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: seemant@gentoo.org Reported By: gentoo-bugs@seyffer.de
Component: Ebuilds
Opened: 2003-03-14 06:02 0000
Description:
Hello,

I just emerged ntp and found that the included config template is a bit
"minimalistic" as it does not include any access restrictions or hints to
configure them at all.

So please find attached a suggestion for an updated ntpd.conf template.

Thanks.
Daniel

PS: By the way...trivial but also check the einfo output of the ebuild - or is
this meant to stress "RTFM"? ;-)

--- Quote ---
[...]
 * Please run etc-update and then read all the comments
 * all the comments in /etc/ntp.conf and
[...]
--- /Quote ---


Reproducible: Always

------- Comment #1 From Daniel Seyffer 2003-03-14 06:04:07 0000 -------
Created an attachment (id=9374)
Suggestion for an updated ntp.conf template.

Diff:
*** /usr/share/ntp/ntp.conf	Fri Mar 14 11:43:12 2003
--- ntp.conf	Fri Mar 14 11:42:30 2003
***************
*** 19,21 ****
--- 19,53 ----
  # you should not need to modify the following paths
  logfile		/var/log/ntpd.log
  driftfile	/var/lib/misc/ntp.drift
+
+
+ # Warning: Using default NTP settings will leave your NTP
+ #	     server accessible to all hosts on the Internet.
+
+ #
+ # If you want to deny all machines from accessing
+ # your NTP server, uncomment:
+ #
+ #restrict default ignore
+
+
+ # To only deny other machines from changing the
+ # configuration but allow localhost uncomment:
+ #
+ #restrict default notrust nomodify
+ #restrict 127.0.0.1
+
+
+ # To allow machines within your network to synchronize
+ # their clocks with your server, but ensure they are
+ # not allowed to configure the server or used as peers
+ # to synchronize against, uncomment this line.
+ #
+ #restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
+
+
+ # To only deny other machines from changing the
+ # configuration but allow localhost uncomment:
+ #
+ #restrict default notrust nomodify
+ #restrict 127.0.0.1
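
Review bot: the last block of the hunk (the second "To only deny other machines from changing the configuration but allow localhost" comment, followed by `#restrict default notrust nomodify` and `#restrict 127.0.0.1`) repeats the block a few lines above it word for word; drop the repeat so the template lists each option once. The first option, `#restrict default ignore`, has no accompanying `#restrict 127.0.0.1` line the way the second option does, so either add one or have its comment say that local queries are covered by the rule as well. It would also help to state in the comments that the two `restrict default` lines are alternatives and only one of them should be uncommented.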

------- Comment #2 From Seemant Kulleen (RETIRED) 2003-03-14 06:12:17 0000 -------
thanks daniel, will look into this

------- Comment #3 From Daniel Seyffer 2003-03-14 06:34:11 0000 -------
Another but rather trivial suggestion that just came to my mind, would be to
consider adding an example for setting a "prefer" statement to the server part
of the configuration when using multiple servers, similar to:

  #server ntplocal.example.com prefer 
  #server timeserver.example.org 

Thanks. :-) 

------- Comment #4 From Seemant Kulleen (RETIRED) 2003-03-18 02:20:15 0000 -------
changed in portage, thanks Daniel

------- Comment #5 From SpanKY 2003-07-23 18:08:13 0000 -------
the extra einfo is a 'rtfm' msg simply because people were not doing so and
were filing bugs/complaining on mailing lists + forums

i added the einfo so as to quiet them ;)