allow NTP requests to network servers

2023-05-05 09:55:11 -04:00 · 2023-05-05 09:55:11 -04:00 · a74812ca6e
parent 04e7114468
commit a74812ca6e
1 changed files with 4 additions and 0 deletions
--- a/nftables-network.conf
+++ b/nftables-network.conf
@ -8,6 +8,7 @@ table inet filter {

        iif lo notrack accept
        tcp dport {22, 80, 443, 7275} notrack accept
+        udp dport 123 notrack accept;
        meta l4proto {icmp, ipv6-icmp} notrack accept
    }

@ -16,6 +17,7 @@ table inet filter {

        oif lo notrack accept
        tcp sport {22, 80, 443, 7275} notrack accept
+        udp sport 123 notrack accept;
        meta l4proto {icmp, ipv6-icmp} notrack accept
    }

@ -26,6 +28,8 @@ table inet filter {
        iif lo accept
        tcp dport {22, 80, 443, 7275} ip daddr {{ipv4_address}} accept
        tcp dport {22, 80, 443, 7275} ip6 daddr {{ipv6_address}} accept
+        udp dport 123 ip daddr {{ipv4_address}} accept
+        udp dport 123 ip6 daddr {{ipv6_address}} accept
        meta l4proto {icmp, ipv6-icmp} accept

        ct state vmap { invalid : drop, established : accept, related : accept }