diff options
| author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2019-09-03 10:05:06 +0900 |
|---|---|---|
| committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2019-09-08 23:15:30 +0900 |
| commit | d4de2f9ea43d670645f5b8fabf2d1e2a65639191 (patch) | |
| tree | 40b3bd3e1e573d09f31c92928b3edc0ac035597f /gnu/services/networking.scm | |
| parent | 08b4a10fa6bc535cd99d65f0233dd027153878eb (diff) | |
| download | guix-d4de2f9ea43d670645f5b8fabf2d1e2a65639191.tar guix-d4de2f9ea43d670645f5b8fabf2d1e2a65639191.tar.gz | |
services: ntp: Fix KOD warning.
Otherwise the following messages would be printed by ntpd:
Sep 2 05:18:21 localhost ntpd[15849]: restrict default: KOD does nothing without LIMITE.
Sep 2 05:18:21 localhost ntpd[15849]: restrict ::: KOD does nothing without LIMITED.
Debian uses the same set of "restrict" keywords (see:
https://sources.debian.org/src/ntp/1:4.2.8p13+dfsg-2/debian/ntp.conf).
* gnu/services/networking.scm (ntp-shepherd-service): Add the 'limited'
keyword to both the IPv4 and IPv6 'restrict' directives.
Diffstat (limited to 'gnu/services/networking.scm')
| -rw-r--r-- | gnu/services/networking.scm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index e149fe0b69..13a5c6c98d 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -330,8 +330,8 @@ Protocol (DHCP) client, on all the non-loopback network interfaces." " # Disable status queries as a workaround for CVE-2013-5211: # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>. -restrict default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery +restrict default kod nomodify notrap nopeer noquery limited +restrict -6 default kod nomodify notrap nopeer noquery limited # Yet, allow use of the local 'ntpq'. restrict 127.0.0.1 |