extend Readme for a simple client
these restrictions are needed if you want to install an ntpd that only acts as a client

1) disable global access
2) allow localhost completely (useful for just in time config changes via cli)
3) allow minimal access to the source servers

everything for IPv4 and IPv6

settings are based on http://support.ntp.org/bin/view/Support/AccessRestrictions

more and more reflected NTP attacks are common on the internet, so it is pretty dangerous to install a simple client without these settings. I guess they could be useful for other people.

fix typo
bastelfreak committed Jan 13, 2015
1 parent 15bd628 commit 2be7648
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions README.markdown
Expand Up @@ -67,6 +67,22 @@ class { '::ntp':
}
```

###I just want to install a client that can't be queried

```puppet
class { '::ntp':
servers => ['ntp1.corp.com', 'ntp2.corp.com'],
restrict => [
'default ignore',
'-6 default ignore',
'127.0.0.1',
'-6 ::1',
'ntp1.corp.com nomodify notrap nopeer noquery',
'ntp1.corp.com nomodify notrap nopeer noquery'
],
}
```

###I only want to listen on specific interfaces, not on 0.0.0.0

Restricting this is especially useful on Openstack nodes which may have numerous virtual interfaces.
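Review bot: the last entry of the `restrict` array repeats `ntp1.corp.com`, so `ntp2.corp.com` from `servers` gets no entry of its own and falls under `default ignore`, which means ntpd would drop that server's replies and the client would effectively sync from one source only. Change the final entry to `'ntp2.corp.com nomodify notrap nopeer noquery'`. It would also help to add a sentence under the new heading saying that every host listed in `servers` needs a matching `restrict` line once `default ignore` is set, since that dependency is not obvious from the example alone.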