e...@thyrsus.com said:
>> Could that feature be moved to a packet filter? I think most
>> OSes support some form of kernel level packet filtering. I'm not
>> familiar with any details.

> It could be. That would move control of it out of the ntp.conf file,
> though, which I think would count as dropping the feature.

The parser could call out to a shell script that would check to see if the filter was in place and/or add it to the filtering list. That might need a separate script for each OS. I'm not plugged into that area.

I think a lot of sites installed a packet filter rather than update their ntpd or ntp.conf to fix the DDoS mess from a year or 3 ago. Maybe at the border router.

--
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel