Yo Achim!

On Tue, 14 Jun 2016 20:39:35 +0200 Achim Gratz <[email protected]> wrote:

> Daniel Franke writes:
> >> Are there other good ACL languages that we can steal the spec or
> >> implementation from
> >
> > Most of the features we want to match on (basically everything
> > except IP/port) are NTP-specific, so not directly. But a lot of my
> > design was inspired by iptables.
>
> Sorry for the sidetracking, but while you mention iptables: if we can
> presume the existence of a packet filter in the OS, would it perhaps
> make sense to not implement that part of the filtering in ntpd and
> leave it to that filter?
I would use iptables, but iptables are a large burden on an embedded
system. I certainly do not want to have to manage iptables on my
old RasPi B. Or any of my RasPi's.
My head would hurt if I had to write an iptables rule that would allow
remote requests, but not remote peering.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
[email protected] Tel:+1 541 382 8588
_______________________________________________
devel mailing list
[email protected]
http://lists.ntpsec.org/mailman/listinfo/devel
