22.14.2. Configure the Firewall Using the Command Line
To enable
NTP to pass through the firewall using the command line, issue the following command as root:
~]# lokkit --port=123:udp --update
Note that this will restart the firewall as long as it has not been disabled with the --disabled option. Active connections will be terminated and time out on the initiating machine.
When preparing a configuration file for multiple installations using administration tools, it is useful to edit the firewall configuration file directly. Note that any mistakes in the configuration file could have unexpected consequences, cause an error, and prevent the firewall setting from being applied. Therefore, check the
/etc/sysconfig/system-config-firewall file thoroughly after editing.
To enable
NTP to pass through the firewall, by editing the configuration file, become the root user and add the following line to /etc/sysconfig/system-config-firewall:
--port=123:udpNote that these changes will not take effect until the firewall is reloaded or the system restarted.
22.14.2.1. Checking Network Access for Incoming NTP Using the Command Line
To check if the firewall is configured to allow incoming
NTP traffic for clients using the command line, issue the following command as root:
~]# less /etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall
--enabled
--service=ssh
In this example taken from a default installation, the firewall is enabled but NTP has not been allowed to pass through. Once it is enabled, the following line appears as output in addition to the lines shown above:
--port=123:udp
To check if the firewall is currently allowing incoming
NTP traffic for clients, issue the following command as root:
~]# iptables -L -n | grep 'udp.*123'
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
