From d4de2f9ea43d670645f5b8fabf2d1e2a65639191 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue, 3 Sep 2019 10:05:06 +0900
Subject: services: ntp: Fix KOD warning.

Otherwise the following messages would be printed by ntpd:

Sep  2 05:18:21 localhost ntpd[15849]: restrict default: KOD does nothing without LIMITE.
Sep  2 05:18:21 localhost ntpd[15849]: restrict ::: KOD does nothing without LIMITED.

Debian uses the same set of "restrict" keywords (see:
https://sources.debian.org/src/ntp/1:4.2.8p13+dfsg-2/debian/ntp.conf).

* gnu/services/networking.scm (ntp-shepherd-service): Add the 'limited'
keyword to both the IPv4 and IPv6 'restrict' directives.
---
 gnu/services/networking.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index e149fe0b69..13a5c6c98d 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -330,8 +330,8 @@ Protocol (DHCP) client, on all the non-loopback network interfaces."
                         "
 # Disable status queries as a workaround for CVE-2013-5211:
 # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
+restrict default kod nomodify notrap nopeer noquery limited
+restrict -6 default kod nomodify notrap nopeer noquery limited
 
 # Yet, allow use of the local 'ntpq'.
 restrict 127.0.0.1
-- 
cgit v1.2.3