Interface-scanning is dead weight

Eric S. Raymond esr at
Sat Dec 10 19:00:01 UTC 2016

Mark, heads up!  Issue with policy implications.

Now that it looks like we don't need to write a new restriction
language, I think we should consider changing the restriction

Pretty much every distribution in the universe ships a default
ntp.conf with a restriction sectio that looks like this:

# By default, exchange time with everybody, but don't allow configuration.
restrict default kod limited nomodify nopeer noquery  
restrict -6 default kod limited nomodify nopeer noquery

# Local users may interrogate the NTP server more closely.
restrict -6 ::1

I'm requesting comment on the following behavior change:

(1) Make these the default restrictions at startup, replacing none at all.

(2) Retain current behavior if built with --enable-classic-mode. 
		<a href="">Eric S. Raymond</a>

Government should be weak, amateurish and ridiculous. At present, it
fulfills only a third of the role.	-- Edward Abbey

More information about the devel mailing list