diff --git a/bin/firewall-sosdg b/bin/firewall-sosdg
index 58f7c8c..25f486e 100755
--- a/bin/firewall-sosdg
+++ b/bin/firewall-sosdg
@@ -202,6 +202,11 @@ if [ "$IPTABLES_MULTIPORT" ]; then
 esac
 fi
+# Trying to better clean up some of my code, so lets try using a blackhole target
+$IPTABLES -N BLACKHOLE
+$IPTABLES -A BLACKHOLE -j DROP
+
+
 $IPTABLES -A INPUT -i lo -j ACCEPT
 $IPTABLES -A OUTPUT -o lo -j ACCEPT
diff --git a/include/functions b/include/functions
index c78e170..d8323f6 100755
--- a/include/functions
+++ b/include/functions
@@ -159,6 +159,17 @@ function apply_ipv4_hack {
 fi
 done
 ;;
+NTPDDOSRATELIMIT)
+# Rate limit NTP DDOS UDP traffic using rules provided on the nanog list by
+# pashdown@xmission.com
+$IPTABLES -N NTP
+$IPTABLES -I 1 BLACKHOLE -m recent --set --name ntpv4blackhole --rsource
+$IPTABLES -A NTP -m recent --update --seconds 5 --hitcount 20 --name \ ntpv4 --rsource -j BLACKHOLE
+$IPTABLES -A NTP -m recent --update --seconds 5 --hitcount 2 --name \ ntpv4blackhole --rsource -j DROP
+$IPTABLES -A NTP -m recent --set --name ntpv4 --rsource -j ACCEPT
+$IPTABLES -A INPUT -p udp -m udp --dport 123 -j NTP
 esac
 shift
 done
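Review bot: The BLACKHOLE chain is created with a bare `$IPTABLES -N BLACKHOLE`, which errors with "Chain already exists" if the script is re-run against a table that was not flushed and had its user chains deleted (-F/-X) first; whether an earlier part of firewall-sosdg does that is not visible in this hunk, so it is worth confirming. The comment above the chain describes the author's intent rather than the chain's contract, and since include/functions inserts bookkeeping rules at position 1 of this chain, readers need to know the trailing DROP must stay last. Suggested replacement: `# BLACKHOLE: terminal drop target. Other code (e.g. the NTP rate limiter) may insert match-tracking rules before the DROP; the DROP must remain the last rule.` The two trailing blank lines added after the DROP rule can be dropped.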
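Review bot: `$IPTABLES -I 1 BLACKHOLE -m recent --set --name ntpv4blackhole --rsource` has the chain and rule number swapped; `iptables -I` takes `chain [rulenum]`, so this is parsed as chain "1" with rulenum "BLACKHOLE" and the command errors out, leaving BLACKHOLE as a plain DROP with no ntpv4blackhole tracking, and it should read `$IPTABLES -I BLACKHOLE 1 -m recent --set --name ntpv4blackhole --rsource`. Note also that the second NTP rule uses `--update --seconds 5`, so a source is only dropped while it was seen within the last 5 seconds and is admitted again after a short pause — this is a per-source rate limiter, not a lasting blackhole, and the comment should say so rather than "blackhole"; xt_recent also caps each list at its ip_list_tot module parameter (100 by default), so a flood of spoofed sources can evict entries. Because NTP reflection traffic carries spoofed source addresses, this rule set should complement `restrict default noquery` / `disable monitor` in ntp.conf rather than replace them. apply_ipv4_hack starts before this hunk, so where the `-A INPUT ... -j NTP` jump lands relative to any earlier accept/drop rules in INPUT cannot be checked here.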