allow NTP requests to network servers

Daniel Micay 2023-05-05 09:55:11 -04:00
parent 04e7114468
commit a74812ca6e


@ -8,6 +8,7 @@ table inet filter {
iif lo notrack accept iif lo notrack accept
tcp dport {22, 80, 443, 7275} notrack accept tcp dport {22, 80, 443, 7275} notrack accept
udp dport 123 notrack accept;
meta l4proto {icmp, ipv6-icmp} notrack accept meta l4proto {icmp, ipv6-icmp} notrack accept
} }
@ -16,6 +17,7 @@ table inet filter {
oif lo notrack accept oif lo notrack accept
tcp sport {22, 80, 443, 7275} notrack accept tcp sport {22, 80, 443, 7275} notrack accept
udp sport 123 notrack accept;
meta l4proto {icmp, ipv6-icmp} notrack accept meta l4proto {icmp, ipv6-icmp} notrack accept
} }
@ -26,6 +28,8 @@ table inet filter {
iif lo accept iif lo accept
tcp dport {22, 80, 443, 7275} ip daddr {{ipv4_address}} accept tcp dport {22, 80, 443, 7275} ip daddr {{ipv4_address}} accept
tcp dport {22, 80, 443, 7275} ip6 daddr {{ipv6_address}} accept tcp dport {22, 80, 443, 7275} ip6 daddr {{ipv6_address}} accept
udp dport 123 ip daddr {{ipv4_address}} accept
udp dport 123 ip6 daddr {{ipv6_address}} accept
meta l4proto {icmp, ipv6-icmp} accept meta l4proto {icmp, ipv6-icmp} accept
ct state vmap { invalid : drop, established : accept, related : accept } ct state vmap { invalid : drop, established : accept, related : accept }
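Review bot: The new `udp dport 123 notrack accept;` and `udp sport 123 notrack accept;` rules in the two raw chains, together with the `udp dport 123 ip daddr {{ipv4_address}} accept` and `ip6 daddr` rules in the filter chain, expose a stateless UDP service with no rate bound visible at the firewall. UDP source addresses can be spoofed, so a public NTP port can be abused for reflection; either confirm that the NTP daemon enforces its own response rate limiting (for example chrony's `ratelimit` directive) or add a per-source `limit rate` match before the accept, and record the choice with a comment such as `# NTP: response rate limiting is enforced by the daemon`. The two raw-chain lines also end in `;` while every neighbouring rule does not, so dropping it would keep the file consistent. The chain headers and policies lie outside these hunks, so this is based on the visible rules only.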