What are the iptables rules to permit ntp?


"out and back" implies you are an NTP client and want to talk to a server. I'd imagine by default you can do this; if you haven't set up a firewall to block everything, and have iptables set up at all, you'll have an "allow related/established" rule, which means replies to outgoing requests are allowed automatically.

In any case, NTP is UDP port 123, so, assuming you are a CLIENT and want to access NTP servers, you'd do:

iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
iptables -A INPUT -p udp --sport 123 -j ACCEPT

These will append the rules to the end of your OUTPUT and INPUT chains.

Assuming you want to be a server, you'd do:

iptables -A INPUT -p udp --dport 123 -j ACCEPT
iptables -A OUTPUT -p udp --sport 123 -j ACCEPT

I have a script which implements all my firewall rules, and I call it from /etc/rc.local, which runs on startup on my machine (Ubuntu 8.04 LTS).

EDIT: You've clarified that this is because you are a client. In Ubuntu's default configuration, you shouldn't have to alter any firewall settings to do this. What firewall configuration have you done? If nothing, I'm inclined to believe that this isn't a firewall issue.


Author: John Mee

Updated on September 17, 2022

Comments

  • John Mee over 1 year

    My server's clock is wrong because the firewall doesn't permit ntp traffic. What are the iptables rules required to allow the ntp client to get out and back?

    Any suggestions how to implement those rules on Ubuntu also appreciated.

    • Ignacio Vazquez-Abrams about 14 years
      You mean so that your machine can act as a NTP server?
    • John Mee about 14 years
      Acting as client.
  • Admin over 11 years
    There is a problem with the rule:
        iptables -A INPUT -p udp --sport 123 -j ACCEPT
    With the above rule someone can connect to another protected port on your server, though "connect" is not the right term because it is UDP. I will return and edit this once I find the answer.
  • frymaster over 11 years
    Like I said, most clients will have an "allow related/established" rule - that is better because it makes a note of your outgoing query (to port 123 from port somethingRandom) and will allow the incoming packet from that IP from port 123 to port somethingRandom only.
  • xi.lin almost 7 years
    It seems that even when I'm trying to be a client only, I have to add this rule in my case:
        iptables -A INPUT -p udp --dport 123 -j ACCEPT
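The concern raised in the comments above (that a bare "--sport 123 ACCEPT" admits any UDP packet whose source port happens to be 123, whereas a related/established rule only admits replies to flows the host itself opened) is easier to see with a small model. This is an added example, not code from the answer or from iptables: it simulates the matching logic of the two INPUT rules under a default DROP policy, with a toy conntrack table and constructed sample addresses, and never touches the real iptables binary.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """One UDP datagram as seen by the INPUT/OUTPUT chain (constructed model)."""
    src: str      # remote or local IP, depending on direction
    dst: str
    sport: int    # UDP source port
    dport: int    # UDP destination port

class Conntrack:
    """Toy stand-in for nf_conntrack: remembers outgoing UDP flows."""
    def __init__(self):
        self.flows = set()

    def record_outgoing(self, pkt: Packet) -> None:
        # Store the 4-tuple of a request this host sent (OUTPUT chain).
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def is_reply(self, pkt: Packet) -> bool:
        # An incoming packet is ESTABLISHED only if it mirrors a flow we opened.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def input_sport_rule(pkt: Packet, ct: Conntrack) -> str:
    """Models: iptables -A INPUT -p udp --sport 123 -j ACCEPT (policy DROP).
    The conntrack table is ignored: only the source port is inspected."""
    return "ACCEPT" if pkt.sport == 123 else "DROP"

def input_stateful_rule(pkt: Packet, ct: Conntrack) -> str:
    """Models: iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    (policy DROP). Only replies to flows recorded on the way out pass."""
    return "ACCEPT" if ct.is_reply(pkt) else "DROP"

def demo() -> dict:
    ct = Conntrack()
    # Constructed traffic: local host 192.0.2.10 queries NTP server 198.51.100.1.
    query = Packet("192.0.2.10", "198.51.100.1", 51234, 123)
    ct.record_outgoing(query)
    reply = Packet("198.51.100.1", "192.0.2.10", 123, 51234)  # genuine NTP reply
    # Unsolicited datagram with source port 123 aimed at another local UDP port
    # (161/SNMP here, chosen only as an example of a port the policy should protect).
    stray = Packet("203.0.113.7", "192.0.2.10", 123, 161)
    return {
        "reply_sport_rule": input_sport_rule(reply, ct),
        "reply_stateful": input_stateful_rule(reply, ct),
        "stray_sport_rule": input_sport_rule(stray, ct),
        "stray_stateful": input_stateful_rule(stray, ct),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Both rules accept the real reply, but only the stateful rule drops the stray datagram, which is why the related/established rule is the one to keep for a client.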