iptables

nycmeshnet · Dec 12, 2024 · 246f4f7 · 246f4f7
1 parent a0138f2
commit 246f4f7
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/ansible/roles/chrony_server/templates/iptables.j2 b/ansible/roles/chrony_server/templates/iptables.j2
@@ -16,6 +16,11 @@
 
 # Allow NTP traffic
 -A INPUT -d {{ NTP_IP }}/32 -p udp -m udp --dport 123 -j ACCEPT
--A INPUT -d {{ NTP_IP }}/32 -j DROP
+-A INPUT -d {{ NTP_IP }}/32 -p tcp -m tcp --dport 123 -j ACCEPT
+#-A INPUT -d {{ NTP_IP }}/32 -j DROP
+
+-A FORWARD -d {{ NTP_IP }}/32 -p udp -m udp --dport 123 -j ACCEPT
+-A FORWARD -d {{ NTP_IP }}/32 -p tcp -m tcp --dport 123 -j ACCEPT
+#-A FORWARD -d {{ NTP_IP }}/32 -j DROP
 
 COMMIT