hmurray at megapathdsl.net
Mon May 28 02:10:31 UTC 2018
esr at thyrsus.com said:
>> Could that feature be moved to a packet filter? I think most
>> OSes support some form of kernel level packet filtering. I'm not
>> familiar with any details.
> It could be. That would move control of it out of the ntp.conf file,
> though, which I think would count as dropping the feature.
The parser could call out to a shell script that would check to see if the
filter was in place and/or add it to the filtering list.
That might need a separate script for each OS. I'm not plugged into that
area. I think a lot of sites installed a packet filter rather than update
their ntpd or ntp.conf to fix the DDoS mess from a year or 3 ago. Maybe at
the border router.
These are my opinions. I hate spam.
More information about the devel