Hi Harlan, and thanks. Comments below On 06/02/15 23:44, Harlan Stenn wrote: >> Debian Squeeze doesn't have a patched package available in the >> > squeeze-lts series yet. On those clients would a restriction like >> > >> > restrict ::1 ignore >> > >> > mitigate the vulnerability? > I think so, but it will also make it much harder to use ntpq and other > things.
Sure thing, I'm aware of that. On the other hand, I don't need that on the big majority of the nodes and, on those where I still need it, I can still fall back to IPv4's 127.0.0.1. > It also won't do anything to protect other services that might > use source ACLs for protection Of course not. But we fix that on a per-site basis rather than locally on each node. > Better to: > > - fix your firewall rules to block ::1 incoming packets on external > interfaces Yep, see above. > - just build 4.2.8p1 and install it By the way, are there debian packages for 4.2.8p1? I wasn't able to find any. Many thanks, ciao! -- bronto _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
