Mark Atwood <[email protected]>:
> It is possible to write an iptables kernel loadable module that can do
> application level filtering, and the ntp packet format even lends itself to
> it.
> 
> However, we will not go down that route.  It would be Linux-only, it would
> be outside of our remit and outside of our current hot skill-set, it would
> be yet another moving part, it would be difficult to package, and difficult
> to get many installations to install, as they get very strict about which
> KLMs they will install, and all for very little if any performance increase.
> 
> We will put the ntp application level packet filter in user space in the
> ntpsec implementation, not in the kernel.
> 
> ..m

I concur 100% on both result and reasoning.
-- 
                <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
_______________________________________________
devel mailing list
[email protected]
http://lists.ntpsec.org/mailman/listinfo/devel
