mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-11 15:08:33 +01:00
ntpd: Don't answer status queries
Workaround for CVE-2013-5211: http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
This commit is contained in:
parent
d451d12128
commit
9e7fe29e41
|
@ -15,6 +15,9 @@ let
|
|||
# chroot to ${stateDir}, we have to specify it as /ntp.drift.
|
||||
driftfile /ntp.drift
|
||||
|
||||
restrict default kod nomodify notrap nopeer noquery
|
||||
restrict -6 default kod nomodify notrap nopeer noquery
|
||||
|
||||
${toString (map (server: "server " + server + " iburst\n") config.services.ntp.servers)}
|
||||
'';
|
||||
|
||||
|
|
Loading…
Reference in a new issue