Page MenuHomeVyOS Platform

Default NTP server settings
Closed, ResolvedPublic


Per default VyOS will allow NTP clients from to reach it's NTP server.

That kind of configuration is not recommended, and would allow malicious usage by NTP reflection DDoS attacks, taking up bandwidth and making the internet as a whole a bit more unsafe.

My suggestion is to completely remove "set service ntp allow-client" from the default VyOS configuration, as any admin that has the knowledge to setup a router from scratch should also be able to configure the NTP server to allow NTP requests from it’s client’s prefixes when needed.

If anyone is able to tell me where the default configurations are, I'm able to make the PR.


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Security vulnerability