ntp: T6080: T6123: restrict config.boot.default NTP settings to RFC1918 and fe80::/10, fc00::/7 only #559

Merged
merged 1 commit into from
Apr 13, 2024

Giggum
Contributor

@Giggum Giggum commented Apr 11, 2024

Change Summary

Adds IPv4/IPv6 localhost, link-local and private addresses as allowed-clients to NTP service.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe): Enhancement to produce a stronger default install configuration

Related Task(s)

https://vyos.dev/T5694
https://vyos.dev/T6123
https://vyos.dev/T6080

Component(s) name

Proposed changes

How to test

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

Adds ipv4/ipv6 localhost, link-local and private address as allowed-clients to NTP service.
@vyosbot vyosbot requested a review from a team April 11, 2024 15:55
@vyosbot vyosbot requested review from dmbaturin, sarthurdev, zdc, jestabro, sever-sever and c-po and removed request for a team April 11, 2024 15:55
@c-po c-po changed the title from "Enhance config.boot.default NTP allow-clients for T5694, T6080 and T6123" to "ntp: T6080: T6123: restrict config.boot.default NTP settings to RFC1918 and fe80::/10, fc00::/7 only" Apr 12, 2024
Member

@c-po c-po left a comment

Default configuration is translated to:

set service ntp allow-client address '10.0.0.0/8'
set service ntp allow-client address '127.0.0.0/8'
set service ntp allow-client address '169.254.0.0/16'
set service ntp allow-client address '172.16.0.0/12'
set service ntp allow-client address '192.168.0.0/16'
set service ntp allow-client address '::1/128'
set service ntp allow-client address 'fc00::/7'
set service ntp allow-client address 'fe80::/10'
set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net

While walking up through all migration scripts.

Commit message can be adjusted during squash
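
An added example, not part of the PR or of VyOS itself: a Python audit that parses `set service ntp allow-client address` lines and reports any network that is not contained in the default ranges listed in the review comment above. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress

# Networks from the default configuration quoted in the review comment above.
DEFAULT_ALLOW = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

PREFIX = "set service ntp allow-client address"

def parse_allow_clients(config_text):
    """Return the networks named in 'allow-client address' set commands."""
    nets = []
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            value = line[len(PREFIX):].strip().strip("'\"")
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets

def within_defaults(net):
    """True if net is fully contained in one of the default networks."""
    return any(net.version == d.version and net.subnet_of(d)
               for d in DEFAULT_ALLOW)

def audit(config_text):
    """Return allow-client networks that reach beyond the default ranges."""
    return [str(n) for n in parse_allow_clients(config_text)
            if not within_defaults(n)]

def client_allowed(config_text, client_ip):
    """True if client_ip matches any allow-client network in the config."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n
               for n in parse_allow_clients(config_text))

# Constructed sample: two defaults plus three operator additions.
SAMPLE = """
set service ntp allow-client address '10.0.0.0/8'
set service ntp allow-client address 'fe80::/10'
set service ntp allow-client address '192.168.10.0/24'
set service ntp allow-client address '0.0.0.0/0'
set service ntp allow-client address '2001:db8::/32'
set service ntp server time1.vyos.net
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
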

@c-po
Member

c-po commented Apr 13, 2024

@Mergifyio backport sagitta

mergify bot commented Apr 13, 2024

backport sagitta

✅ Backports have been created

Member

@dmbaturin dmbaturin left a comment

I kept thinking about including those defaults implicitly in the template, but explicit config options are probably better indeed.

@dmbaturin dmbaturin merged commit ba77dc5 into vyos:current Apr 13, 2024
4 of 5 checks passed
c-po added a commit that referenced this pull request Apr 14, 2024
ntp: T6080: T6123: restrict config.boot.default NTP settings to RFC1918 and fe80::/10, fc00::/7 only (backport #559)
@Giggum Giggum deleted the vyos-build_T5694-6123 branch May 3, 2024 01:59
3 participants