From a74812ca6e3550c587d8dcb6756a55b8f43a3127 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Fri, 5 May 2023 09:55:11 -0400
Subject: [PATCH] allow NTP requests to network servers
---
 nftables-network.conf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nftables-network.conf b/nftables-network.conf
index 45112b3..dd1b9f4 100644
--- a/nftables-network.conf
+++ b/nftables-network.conf
@@ -8,6 +8,7 @@ table inet filter {
 iif lo notrack accept
 tcp dport {22, 80, 443, 7275} notrack accept
+ udp dport 123 notrack accept;
 meta l4proto {icmp, ipv6-icmp} notrack accept
 }
@@ -16,6 +17,7 @@ table inet filter {
 oif lo notrack accept
 tcp sport {22, 80, 443, 7275} notrack accept
+ udp sport 123 notrack accept;
 meta l4proto {icmp, ipv6-icmp} notrack accept
 }
@@ -26,6 +28,8 @@ table inet filter {
 iif lo accept
 tcp dport {22, 80, 443, 7275} ip daddr {{ipv4_address}} accept
 tcp dport {22, 80, 443, 7275} ip6 daddr {{ipv6_address}} accept
+ udp dport 123 ip daddr {{ipv4_address}} accept
+ udp dport 123 ip6 daddr {{ipv6_address}} accept
 meta l4proto {icmp, ipv6-icmp} accept
 ct state vmap { invalid : drop, established : accept, related : accept }
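Review bot: The added rules `udp dport 123 notrack accept;` (hunk `@@ -8,6 +8,7 @@`) and `udp sport 123 notrack accept;` (hunk `@@ -16,6 +17,7 @@`) end in a semicolon, while every neighbouring rule in both hunks has none. nftables accepts the separator, so behaviour is unchanged, but the lines should read `udp dport 123 notrack accept` and `udp sport 123 notrack accept` to match the rest of the file. Both enclosing chains start outside their hunks, so the chain type and policy are not visible here.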
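Review bot: The two accepts added in hunk `@@ -26,6 +28,8 @@` admit UDP port 123 from any source address with no rate limit at the firewall, and the first two hunks mark the same traffic `notrack`, so no connection state constrains it. UDP source addresses can be forged, so a publicly reachable NTP responder is only as safe against reflection abuse as the daemon's own rate limiting and query restrictions, which this patch does not show. I would either document that dependency above the rules, e.g. `# public NTP; request rate limiting is left to the NTP daemon`, or place a per-source `limit rate` drop rule ahead of the two accepts. The chain these rules sit in begins before the hunk, so its policy is inferred rather than visible.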