diff options
| author | jim-p <jimp@pfsense.org> | 2012-10-03 13:17:56 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2012-10-03 13:17:56 -0400 |
| commit | 7b27db030c373778a727195e77928e7301b4c6d6 (patch) | |
| tree | 55ceb754efc53b0d16bc7be1fc6f36c1e84e21c4 | |
| parent | 6162b068f6840aa1d03e99e9a496af301b98afab (diff) | |
| download | pfsense-7b27db030c373778a727195e77928e7301b4c6d6.zip pfsense-7b27db030c373778a727195e77928e7301b4c6d6.tar.gz | |
Add restrict lines to limit what local clients are allowed to do to the ntp server.
| -rw-r--r-- | etc/inc/system.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 6bf32f3..a9925e8 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1311,6 +1311,8 @@ function system_ntp_configure($start_ntpd=true) { $ntpcfg .= "statsdir {$statsdir}\n"; $ntpcfg .= "logconfig =syncall +clockall\n"; $ntpcfg .= "driftfile {$driftfile}\n"; + $ntpcfg .= "restrict default kod nomodify notrap nopeer\n"; + $ntpcfg .= "restrict -6 default kod nomodify notrap nopeer\n"; if (empty($config['ntpd']['interface'])) if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface'])) |
