Eric S. Raymond via devel writes:
> There are three obvious ways to address this.
>
> 1. The infosec-focused way. Change the default restrictions to be
> "allow nothing." This way, if you bring it up with no config, there's
> no harm. It just spins inaccessibly.

If it does that without complaining loudly enough some folks might think it's actually doing something and act surprised when it doesn't.

> 2. User-friendly way. Bring it up with these permissions:
>
> restrict default kod limited nomodify nopeer noquery
> restrict -6 default kod limited nomodify nopeer noquery
> restrict 127.0.0.1
> restrict -6 ::1

Stop it here. No pool (I think hardwiring pool names without consent of the pool administrators is a no-no). Also, no drift file. You might want to add "noserve notrust" to the last two statements.

> pool pool.ntp.org iburst
> driftfile /var/lib/ntp/ntp.drift
>
> That is, the behavior 99.9% of all installations want.
>
> 3. Leave current behavior alone.

The current behaviour was addressing a different target audience, so I see no reason to keep it when we are targeting a different population.

Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
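
As an added example (not part of the original message, nor NTPsec code), here is a small Python check that an ntp.conf carries the flags from option 2 on both the IPv4 and IPv6 default restrict lines. The function names and sample config are constructed, and treating an unqualified `restrict default` as IPv4-only is an assumption that follows the two-line form quoted above.

```python
# Flags that option 2 in the thread puts on both default restrict lines.
REQUIRED = {"kod", "limited", "nomodify", "nopeer", "noquery"}

# Constructed sample: IPv6 default line forgotten, noquery missing on IPv4.
SAMPLE_CONF = """\
# constructed sample config
restrict default kod limited nomodify nopeer
restrict 127.0.0.1
restrict -6 ::1
pool pool.ntp.org iburst
"""


def default_restrictions(conf_text):
    """Return {'ipv4': flags, 'ipv6': flags} for the default restrict lines found."""
    found = {}
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tokens or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        family = "ipv4"  # assumption: an unqualified line is IPv4-only
        if args and args[0] in ("-4", "-6"):
            family = "ipv6" if args[0] == "-6" else "ipv4"
            args = args[1:]
        if args and args[0] == "default":
            found[family] = set(args[1:])  # keeps the last line seen per family
    return found


def audit(conf_text):
    """List findings: a missing default line, or missing flags, per address family."""
    found = default_restrictions(conf_text)
    findings = []
    for family in ("ipv4", "ipv6"):
        if family not in found:
            findings.append(f"{family}: no 'restrict default' line")
            continue
        missing = sorted(REQUIRED - found[family])
        if missing:
            findings.append(f"{family}: default lacks {' '.join(missing)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```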