[Pool] Firewall recommendations for ntp server?

Kiss Gábor kissg at niif.hu
Fri May 8 07:31:42 UTC 2015

> of my eye, mostly < 2000).  Periodically, they will spike to well over 32768
> for minutes at a time.  The default conntrack limit (nf_conntrack_max) for
> 512MB was like 16384, and this was pretty easy to hit.  I've bumped it up to
> 32768 and decreased many timeouts, and there are still several times a day
> where this is reached.  The few times that I was able to tcpdump the
> interface when the connection count was high, I only saw NTP traffic,
> nothing looked like it was a DDOS or hacking (99% being NTP client/server
> packets), so my guess is that something got rebooted and maybe tons of
> devices are all hitting the box at once? Not sure, have been limited in that

iptables(8) writes:
       This target disables connection tracking for all packets
       matching that rule.
       It can only be used in the raw table.

What about this?
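
A worked rule set for the suggestion above, added here as an example and not part of the original post or the pool's own configuration. It exempts UDP/123 from conntrack via the raw-table NOTRACK target the man page excerpt describes, and assumes the server runs ntpd/chrony on UDP/123 and that nothing else relies on conntrack state for that traffic:

```shell
#!/bin/sh
# Added example (not from the original thread): keep NTP (UDP/123) out of
# connection tracking so a burst of clients cannot fill nf_conntrack_max.
# Assumption: NTP listens on UDP/123 and no other rule needs its state.

NTP_PORT=123

# Print the rule set for the given iptables binary (default: iptables;
# pass ip6tables for IPv6). Nothing is applied here, so it can be reviewed
# before installation. "-j NOTRACK" is the classic form; newer iptables
# also accepts "-j CT --notrack".
ntp_notrack_rules() {
  ipt=${1:-iptables}
  cat <<EOF
$ipt -t raw -A PREROUTING -p udp --dport $NTP_PORT -j NOTRACK
$ipt -t raw -A OUTPUT -p udp --sport $NTP_PORT -j NOTRACK
$ipt -A INPUT -p udp --dport $NTP_PORT -j ACCEPT
$ipt -A OUTPUT -p udp --sport $NTP_PORT -j ACCEPT
EOF
}
# The two raw rules cover incoming queries (and replies from upstream
# servers) and outgoing replies (and our own queries, which ntpd sends
# from source port 123). The two filter rules are needed because an
# untracked packet never matches "--ctstate ESTABLISHED,RELATED", so a
# policy of "accept only established" would silently drop NTP otherwise.

# Install the rules; requires root.
apply_ntp_notrack() {
  [ "$(id -u)" -eq 0 ] || { echo "apply_ntp_notrack: run as root" >&2; return 1; }
  ntp_notrack_rules "$1" | sh -e
}

# Show "count/max" of the conntrack table to confirm the effect over time;
# returns 1 when the counters are absent (conntrack module not loaded).
conntrack_usage() {
  d=/proc/sys/net/netfilter
  [ -r "$d/nf_conntrack_count" ] && [ -r "$d/nf_conntrack_max" ] || return 1
  echo "$(cat "$d/nf_conntrack_count")/$(cat "$d/nf_conntrack_max")"
}
```

Review the output of `ntp_notrack_rules` first, then run `apply_ntp_notrack` as root and watch `conntrack_usage` during the next client spike; untracked NTP packets no longer consume table entries.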
