allow NTP requests to network servers

nftables-network.conf

@@ -8,6 +8,7 @@ table inet filter {
 
         iif lo notrack accept
         tcp dport {22, 80, 443, 7275} notrack accept
+        udp dport 123 notrack accept;
         meta l4proto {icmp, ipv6-icmp} notrack accept
     }
 
@@ -16,6 +17,7 @@ table inet filter {
 
         oif lo notrack accept
         tcp sport {22, 80, 443, 7275} notrack accept
+        udp sport 123 notrack accept;
         meta l4proto {icmp, ipv6-icmp} notrack accept
     }
 
@@ -26,6 +28,8 @@ table inet filter {
         iif lo accept
         tcp dport {22, 80, 443, 7275} ip daddr {{ipv4_address}} accept
         tcp dport {22, 80, 443, 7275} ip6 daddr {{ipv6_address}} accept
+        udp dport 123 ip daddr {{ipv4_address}} accept
+        udp dport 123 ip6 daddr {{ipv6_address}} accept
         meta l4proto {icmp, ipv6-icmp} accept
 
         ct state vmap { invalid : drop, established : accept, related : accept }