From 4ba73b5498eac167ceeea1405f7ee7bcfde672b6 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Mon, 26 Oct 2020 07:31:09 +0200 Subject: [PATCH] blog/ufw: add port 123/NTP --- blog/_posts/2015-06-12-ufw.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/blog/_posts/2015-06-12-ufw.md b/blog/_posts/2015-06-12-ufw.md index 511d977..76dd19e 100644 --- a/blog/_posts/2015-06-12-ufw.md +++ b/blog/_posts/2015-06-12-ufw.md @@ -39,6 +39,8 @@ ufw default allow outgoing systemctl enable ufw && systemctl start ufw ufw enable ufw reject 113/tcp +#ufw allow from 192.168.0.0/16 to any port 123 proto udp +ufw allow from fe80::/10 to any port 123 proto udp #ufw allow from 192.168.8.0/24 to any port 631 proto tcp ufw allow from fe80::/10 to any port 631 #ufw allow from 192.168.8.0/24 to any port 5353 proto udp @@ -64,6 +66,7 @@ ufw allow 60000:61000/udp allow this instead. And if you don't use IRC or don't care about having to wait for the check to timeout, don't do this as you may leave yourself visible to random port scanners. +* 123 UDP/NTP - syncing time between local hosts * 631 both/cups — Allow access to cups for printer sharing from 192.168.8.xxx * fe80:://10 is link-local address existing _everywhere_ IPv6 is enabled, check your `ip addr` or on Windows `ipconfig /all` for fun.