Way Too Much Ubuntu
Hi everyone,
I placed this command to protect my computers:
/sbin/iptables -A OUTPUT -j REJECT
I realized though that this closes the computers from receiving time from it's network time servers. How do I keep the computer's access to network time servers open?
Ubuntu Member
Actually, the rule prevents your computer from even asking for NTP stuff in the first place. You have to allow your computer access to external port 123, or if you know the IP address of the NTP server you could allow that IP address. Something like:
You might find you need to also allow traffic to/from the local interface:Code:/sbin/iptables -A OUTPUT --dport 123 -j ACCEPT /sbin/iptables -A OUTPUT -j REJECT
Without the bigger context of what you are trying to do, it is hard to comment further.Code:/sbin/iptables -A OUTPUT -o lo -j ACCEPT /sbin/iptables -A OUTPUT --dport 123 -j ACCEPT /sbin/iptables -A OUTPUT -j REJECT
Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.
Way Too Much Ubuntu
Is this the line that opens the local interface?
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
Io is a small "L" right, it's not a big "i"?
Ubuntu Member
Yes and yes.Originally Posted by webmiester
Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.
Way Too Much Ubuntu
How about:
/sbin/iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
Will this do the same thing?
Woof
No. That only allows the host to talk to itself on its own loopback port.
I don't recommend blocking OUTPUT. It will break lots of things.
Oh, and when specifying a port number, you have to specify tcp or udp as well. Like this:
Code:/sbin/iptables -A OUTPUT -p tcp --dport 123 -j ACCEPT
Way Too Much Ubuntu
Oh thanks.
Ubuntu Member
My syntax mistake, sorry.
Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.
Posting Permissions
Adv Reply
Bookmarks