fallenpega...@gmail.com said:
> I still want to strip it all and delegate it to iptables, case OMEGA.
I'm happy with that. It may not be my first choice, but it's a decision we
can all understand and get back to work.
Thanks.
Eric said:
> Case OMEGA:
> -I, -L, and the interface config directive all go away. The daemon listens
> on all interfaces all the time. Packet filtering is entirely outsourced to
> the kernel packet filter and-or dedicated firewalls. Attempting to invoke
> the old features fails loudly.
We still have the restrict stuff. They are pretty powerful. If you are
willing to translate interface names to IP Address ranges, I'll bet they can
cover many/most cases.
> Sysadmins are used to having to bounce a database server when listener
> interface has an address event, but bouncing ntpd is much less okay.
One interesting case is the home user. Roughly, they don't have sysadmins
and they only have one interface. (Laptops might have both WiFi and Ether,
but I'll bet somebody turns off WiFi if the Ether gets plugged in.)
By default, the ntp package on Debian is setup to use servers setup by dhcp
(if the dhcp server provides them).
>From /etc/init.d/ntp:
if [ -e /var/lib/ntp/ntp.conf.dhcp ]; then
NTPD_OPTS="$NTPD_OPTS -c /var/lib/ntp/ntp.conf.dhcp"
fi
Raspbian has:
/etc/dhcp/dhclient-exit-hooks.d/ntp
which restarts ntpd when dhcp reconnects. (or something like that)
--
These are my opinions. I hate spam.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
