* <[email protected]>
> 3. Disable connection tracking altogether (I think the best solution,
> no?)
This. At least do it just for your NTP traffic. Since NTP is UDP,
there's in reality no "connections" to track, and netfilter can't
remove an active flow immediately after it's over (since UDP, unlike
TCP, gives no hint to third-party observers like netfilter that "this
conversation is over"). So they all have to time out instead.
Something like this ought to do the trick:
# Same two rules for IPv4 and IPv6 (the brace shorthand does not expand
# to two separate commands, so loop over both binaries instead):
for ipt in iptables ip6tables; do
    $ipt -t raw -I PREROUTING -p udp --dport ntp -j NOTRACK
    $ipt -t raw -I OUTPUT -p udp --sport ntp -j NOTRACK
done
Tore
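An added check, not part of Tore's post, for confirming that the NOTRACK rules are doing their job: it counts udp/123 entries in a conntrack dump, looks for the exempting rule in `iptables -t raw -S` output, and reports table occupancy. It assumes the `/proc/net/nf_conntrack` line format and that current iptables lists NOTRACK as `-j CT --notrack`; the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the mailing-list post: verify that the NOTRACK
# rules actually keep NTP (udp/123) flows out of the conntrack table.
# The checks read stdin or arguments, so they work on the live kernel
# files (as root) or on the constructed samples below.

# Constructed sample in /proc/net/nf_conntrack format: two NTP flows
# (v4 and v6) plus one SSH connection.
SAMPLE_CONNTRACK='ipv4     2 udp      17 25 src=192.0.2.10 dst=192.0.2.1 sport=40000 dport=123 src=192.0.2.1 dst=192.0.2.10 sport=123 dport=40000 mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=50000 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=50000 [ASSURED] mark=0 use=1
ipv6    10 udp      17 29 src=2001:db8::10 dst=2001:db8::1 sport=40001 dport=123 src=2001:db8::1 dst=2001:db8::10 sport=123 dport=40001 mark=0 use=1'

# Constructed sample of `iptables -t raw -S` after inserting the rules
# (assumed: current iptables prints NOTRACK as "-j CT --notrack").
SAMPLE_RAW_RULES='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -p udp -m udp --dport 123 -j CT --notrack
-A OUTPUT -p udp -m udp --sport 123 -j CT --notrack'

# ntp_flows: count udp entries whose original direction targets port 123.
# Expect 0 once NOTRACK is in place and the old entries have timed out.
ntp_flows() {
    grep -c -E '^ipv[46] +[0-9]+ +udp +[0-9]+ .*dport=123( |$)' || true
}

# notrack_present: succeed if a raw-table rule exempts udp/123 from
# tracking, in either the NOTRACK or the CT --notrack spelling.
notrack_present() {
    grep -q -E -- '-p udp .*--[ds]port (123|ntp) .*-j (NOTRACK|CT --notrack)'
}

# conntrack_pct COUNT MAX: percentage of the table in use (defaults to
# the live sysctl values). A table that stays full while NTP flows are
# still listed means the rules are not matching the traffic.
conntrack_pct() {
    count=${1:-$(cat /proc/sys/net/netfilter/nf_conntrack_count)}
    max=${2:-$(cat /proc/sys/net/netfilter/nf_conntrack_max)}
    echo $(( count * 100 / max ))
}

# Demo against the constructed samples. On a live system use:
#   iptables -t raw -S | notrack_present && echo present
#   ntp_flows < /proc/net/nf_conntrack
printf '%s\n' "$SAMPLE_RAW_RULES" | notrack_present && echo "NOTRACK rule for NTP: present"
echo "NTP flows in sample table: $(printf '%s\n' "$SAMPLE_CONNTRACK" | ntp_flows)"
echo "sample table occupancy: $(conntrack_pct 58000 65536)%"
```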
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool