blog/ufw: add port 123/NTP

2024-11-22 12:09:28 +01:00 · 2020-10-26 07:31:09 +02:00 · 2020-10-26 07:31:09 +02:00 · 4ba73b5498
commit 4ba73b5498
parent 2704d92543
1 changed files with 3 additions and 0 deletions
--- a/blog/_posts/2015-06-12-ufw.md
+++ b/blog/_posts/2015-06-12-ufw.md
@ -39,6 +39,8 @@ ufw default allow outgoing
 systemctl enable ufw && systemctl start ufw
 ufw enable
 ufw reject 113/tcp
+#ufw allow from 192.168.0.0/16 to any port 123 proto udp
+ufw allow from fe80::/10 to any port 123 proto udp
 #ufw allow from 192.168.8.0/24 to any port 631 proto tcp
 ufw allow from fe80::/10 to any port 631
 #ufw allow from 192.168.8.0/24 to any port 5353 proto udp
@ -64,6 +66,7 @@ ufw allow 60000:61000/udp
  allow this instead. And if you don't use IRC or don't care about having
  to wait for the check to timeout, don't do this as you may leave
  yourself visible to random port scanners.
+* 123 UDP/NTP - syncing time between local hosts
 * 631 both/cups — Allow access to cups for printer sharing from 192.168.8.xxx
    * fe80:://10 is link-local address existing _everywhere_ IPv6 is enabled,
      check your `ip addr` or on Windows `ipconfig /all` for fun.