X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/firewall/blobdiff_plain/1382f5abe4c55c4425ab3132b989e960042d18e6..701eeba7dec8bdc8a89d78da3caa19d6f0d30b1e:/national.m4

diff --git a/national.m4 b/national.m4
index d58593a..d7d22b1 100644
--- a/national.m4
+++ b/national.m4
@@ -33,6 +33,11 @@ allowservices inbound tcp \
 allowservices inbound udp \
 	tripe
 
+## We use public NTP servers.
+run ip46tables -A inbound -j ACCEPT \
+	-m state --state ESTABLISHED \
+	-p udp --source-port 123 --destination-port 123
+
 ## Other interesting things.
 dnsresolver inbound
 dnsserver inbound