Page MenuHomeVyOS Platform
Create Task
Maniphest T1694

NTPd: Do not listen on all interfaces by default
Closed, ResolvedPublic
Actions

Description

NTPd should not listen on all interfaces by default, e.g. if the directive

set system ntp listen-address (IPv4|IPv6)

is not set. We should move the NTPd option interface ignore wildcard to the Non-configurable defaults section of ntp.py

--- src/conf_mode/ntp.py          2019-09-27 10:29:35.194814255 +0200
+++ src/conf_mode/ntp.py.new      2019-09-27 10:31:03.488701365 +0200
@@ -41,6 +41,8 @@
 restrict 127.0.0.1
 restrict -6 ::1

+# Do not listen on any interface address by default
+interface ignore wildcard

 #
 # Configurable section
@@ -63,8 +65,6 @@
 {% endif %}

 {% if listen_address -%}
-# NTP should listen on configured addresses only
-interface ignore wildcard
 {% for a in listen_address -%}
 interface listen {{ a }}
 {% endfor -%}

Details

Version
-
Is it a breaking change?
Behavior change

Related Objects

Event Timeline

phoenix created this task.Sep 27 2019, 11:02 AM
phoenix created this object in space S1 VyOS Public.
phoenix updated the task description. (Show Details)Sep 27 2019, 11:14 AM
Restricted Repository Identity mentioned this in rVYOSONEXe44466768233: Merge pull request #139 from phoenix0984/ntp.Sep 27 2019, 11:14 AM
pasik subscribed.Sep 27 2019, 6:45 PM
dmbaturin mentioned this in rVYOSONEX6ac5271e93d0: T1694: delete the now broken tests for NTP..Sep 28 2019, 11:57 AM
c-po mentioned this in rVYOSONEXe541ffc4f34c: Merge branch 'current' of github.com:vyos/vyos-1x into equuleus.Sep 28 2019, 12:04 PM
vindenesen mentioned this in T1696: NTP - Tests fail when building vyos-1x.Sep 28 2019, 7:06 PM
syncer closed this task as Unknown Status.Nov 16 2019, 11:38 PM
syncer assigned this task to jestabro.
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved this task from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.4) board.
jestabro mentioned this in rVYOSONEX3d396586ee95: T1694 NTPd: Do not listen on all interfaces by default.Nov 19 2019, 6:51 PM
jestabro moved this task from Backlog to Finished on the VyOS 1.2 Crux (VyOS 1.2.4) board.Nov 19 2019, 7:00 PM
jestabro changed the task status from Unknown Status to Resolved.Nov 22 2019, 2:05 PM
rps mentioned this in T1803: Unbind NTP while it's not requested.Mar 3 2020, 12:47 AM
jestabro mentioned this in rVYOSONEXf20ffaf1b493: ntp: T1803: Revert "T1694 NTPd: Do not listen on all interfaces by default".Mar 16 2020, 1:36 AM
jestabro mentioned this in rVYOSONEX496bd8223913: ntp: T1803: Revert "T1694 NTPd: Do not listen on all interfaces by default".Mar 16 2020, 1:38 AM
dmbaturin removed a project: VyOS 1.3 Equuleus.Sep 10 2021, 2:27 PM