base::ntp: Restrict incoming ntp connections, fragment cleanup
The ntp iptables rules date from the days when Unix Systems actually ran ntp servers on Linux hosts. Since the ntp service is now provided by hardware appliances there is no need to allow inbound ntp connections. Remove the iptables rules allow inbound ntp connections at Rob Riepel's suggestion. Similarly remove restrict entries from ntp.conf that point at hosts that are no longer ntp servers. Be a bit more conservative and leave the restrict to the current ntp servers. Remove some iptables fragments that are no longer used to reduce confusion.
Showing
- NEWS 9 additions, 0 deletionsNEWS
- files/iptables/fragments/afssvr 0 additions, 10 deletionsfiles/iptables/fragments/afssvr
- files/iptables/fragments/afssvr-secure 0 additions, 48 deletionsfiles/iptables/fragments/afssvr-secure
- files/iptables/fragments/ldap 0 additions, 8 deletionsfiles/iptables/fragments/ldap
- files/iptables/fragments/ldap-only 0 additions, 12 deletionsfiles/iptables/fragments/ldap-only
- files/ntp/etc/ntp.conf 1 addition, 4 deletionsfiles/ntp/etc/ntp.conf
- manifests/ntp.pp 0 additions, 8 deletionsmanifests/ntp.pp
Loading
Please register or sign in to comment