ntpd running as non-root, but outgoing packets match as uid 0

iptables ntpd

For a program to use a port less then 1024 it must be root. Many applications like NTP will start, open the port as root, and then drop privileges to some defined account for everything else.


There are mistake in Your iptables rule: 

iptables -A OUTPUT -m owner --uid-owner ntp -p udp --dport 123 -j ACCEPT

If You use --uid-owner it is necessary to define uid - numeric value.
For the program name You need another option: --cmd-owner. Correct rule is:

iptables -A OUTPUT -m owner --cmd-owner ntp -p udp --dport 123 -j

Detailed explanation You may read in great book by Oskar Andreasson.

Related

Postfix sasl auth only for fallback_relay
What causes duplicate ICMP ECHO responses?
How to return 403 instead 500 response code after auth_request fails
Transaction support within the specified resource manager is not started or was shut down due to an error
VMware VM with more than 2TB of disk space
Apache2, Kerberos: gss_accept_sec_context() failed: An unsupported mechanism was requested
Getting random/intermittent 503 errors on my local IIS website
How to delete 100 GB folder in Windows
How important is LDAP over SSL with Active Directory?
Multiple virtual VLAN interfaces on single NIC (Debian)
Downloading from wget - folder issue
When you exhaust a 1 Gpbs connection to your main haproxy, how do you scale out?