iptables with NTP

ntp iptables

Solution 1:

When your computer tries to access the NTP server the source port will be indeterminate and the destination on the server will be 123. So, the opposite of what you currently have. Do this instead:

# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i eth0 -p udp -m udp --sport 123 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 123 -j ACCEPT

EDIT: From comment questions:

For the INPUT chain --sport 123 means the port on the remote machine, and for the OUTPUT chain --dport 123 means the port on the remote machine.

One rule can work on multiple network interfaces by not specifying a network interface, although I do not understand why you would want to do that. So (untested):

-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT

Related

pbcopy exits code 1, no error message
How can I use wired ethernet + external monitor together on my Macbook Air (Late 2013)?
Terminal won't open after brew upgrade (dyld library not loaded)
Not able to run Petalinux in Ubuntu 20.04
In Safari "Export to PDF" looks different then "Print as PDF" - Why is this?
How can I change the decimal separator for my locale?
Where does Mail keep its configuration files?
Used Win install...Ubuntu won't start [closed]
Is there a way to set application-specific 'hot corners' in OS X?
How can I let Windows XP read Mac OS Extended (Journaled) drives?
Unable to mount Time Machine partition
Windows replaced Ubuntu's GRUB