* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config

- Ensure the client won't respond to anybody but accept the timeserver answers - Should work on both Jessie and Stretch
4 years ago · af896fe1fc
parent 87860d5b7f
commit af896fe1fc
2 changed files with 5 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release.
 ### Changed

 ### Fixed
+* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config

 ### Security

--- a/ntpd/defaults/main.yml
+++ b/ntpd/defaults/main.yml
@ -2,7 +2,9 @@
 ntpd_servers:
 - 'ntp.evolix.net iburst'
 ntpd_acls:
- '-4 default kod notrap nomodify nopeer noquery'
- '-6 default kod notrap nomodify nopeer noquery'
+- '-4 default ignore'
+- '-6 default ignore'
+- 'source nomodify noquery notrap'         # Debian 9 and later
+- 'ntp.evolix.net nomodify noquery notrap' # Debian 8
 - '127.0.0.1'
 - '::1'