Cannot set `iptables` so NTP works while internet access is blocked

Asked Feb 28 '25 at 18:11

Active Feb 28 '25 at 18:11

Viewed 17 times

I want to configure iptables such that it blocks everything except

Date time synchronization over the internet using NTP and
Access from machines in the LAN.

I wrote the following script:

# Reset firewall:
iptables -F
Allow NTP so the hour syncs over the internet:
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
iptables -A INPUT -p udp --sport 123 -j ACCEPT
Allow LAN:
iptables -A INPUT -s $NETWORK_ADDRESS/$MASK -j ACCEPT
iptables -A OUTPUT -d $NETWORK_ADDRESS/$MASK -j ACCEPT
Block all the rest:
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP

following this answer. After the script, I run sudo date -s "2 OCT 2006 18:00:00" && sudo service ntp stop && sudo service ntp start && date && watch -n 1 date. However, the date and time never synchronize until I do iptables -F.

What am I doing wrong?

asked Feb 28 '25 at 18:11

user171780

Cannot set `iptables` so NTP works while internet access is blocked

Allow NTP so the hour syncs over the internet:

Allow LAN:

Block all the rest:

0 Answers0