Interface-scanning is dead weight
Eric S. Raymond
esr at thyrsus.com
Sat Dec 10 19:00:01 UTC 2016
Mark, heads up! Issue with policy implications.
Now that it looks like we don't need to write a new restriction
language, I think we should consider changing the restriction
defaults.
Pretty much every distribution in the universe ships a default
ntp.conf with a restriction sectio that looks like this:
---------------------------------------------------------------------------
# By default, exchange time with everybody, but don't allow configuration.
restrict default kod limited nomodify nopeer noquery
restrict -6 default kod limited nomodify nopeer noquery
# Local users may interrogate the NTP server more closely.
restrict 127.0.0.1
restrict -6 ::1
---------------------------------------------------------------------------
I'm requesting comment on the following behavior change:
(1) Make these the default restrictions at startup, replacing none at all.
(2) Retain current behavior if built with --enable-classic-mode.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
Government should be weak, amateurish and ridiculous. At present, it
fulfills only a third of the role. -- Edward Abbey
More information about the devel
mailing list