22.14.2. Configure the Firewall Using the Command Line
To enable NTP to pass through the firewall using the command line, issue the following command as root:
~]# lokkit --port=123:udp --update
Note that this will restart the firewall as long as it has not been disabled with the --disabled option. Active connections will be terminated and time out on the initiating machine.
When preparing a configuration file for multiple installations using administration tools, it is useful to edit the firewall configuration file directly. Note that any mistakes in the configuration file could have unexpected consequences, cause an error, and prevent the firewall setting from being applied. Therefore, check the /etc/sysconfig/system-config-firewall file thoroughly after editing.
To enable NTP to pass through the firewall by editing the configuration file, become the root user and add the following line to /etc/sysconfig/system-config-firewall:
--port=123:udp
Note that these changes will not take effect until the firewall is reloaded or the system restarted.
22.14.2.1. Checking Network Access for Incoming NTP Using the Command Line
To check if the firewall is configured to allow incoming NTP traffic for clients using the command line, issue the following command as root:
~]# less /etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall
--enabled
--service=ssh
In this example taken from a default installation, the firewall is enabled but NTP has not been allowed to pass through. Once it is enabled, the following line appears as output in addition to the lines shown above:
--port=123:udp
To check if the firewall is currently allowing incoming NTP traffic for clients, issue the following command as root:
~]# iptables -L -n | grep 'udp.*123'
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
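The two checks above can be scripted when the same configuration file is rolled out to many machines. The following is an added example, not part of the original guide: the function names and return codes are this example's own, the accepted --port form (PORT[-PORT]:tcp|udp) is an assumption, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names and return
# codes are this example's own; the file layout is the one shown above.

# audit_fw_config FILE
#   0 = --port=123:udp present     1 = NTP line missing
#   2 = firewall set to --disabled 3 = malformed --port line
#   4 = file unreadable
audit_fw_config() {
    cfg=$1
    [ -r "$cfg" ] || return 4
    # Catch typos such as "--port=123;udp" before the file is deployed.
    # Assumed form: --port=PORT[-PORT]:tcp|udp, one option per line.
    if grep -E '^--port=' "$cfg" |
       grep -Evq '^--port=[0-9]+(-[0-9]+)?:(tcp|udp)$'; then
        return 3
    fi
    if grep -Fxq -e '--disabled' "$cfg"; then return 2; fi
    if grep -Fxq -e '--port=123:udp' "$cfg"; then return 0; fi
    return 1
}

# live_ntp_rule: reads `iptables -L -n` output on standard input.
# The match is anchored on "dpt:123" so that dpt:1234, or an address
# containing 123, does not count; the looser 'udp.*123' accepts both.
live_ntp_rule() {
    grep -Eq '^ACCEPT +udp .*dpt:123( |$)'
}

# Constructed sample: the default file from the text plus the NTP line.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# Configuration file for system-config-firewall' \
        '--enabled' '--service=ssh' '--port=123:udp' > "$tmp"
    rc=0
    audit_fw_config "$tmp" || rc=$?
    echo "config audit result: $rc"
    rm -f "$tmp"
    return "$rc"
}
demo
```

On a live system, run audit_fw_config against /etc/sysconfig/system-config-firewall and pipe iptables -L -n into live_ntp_rule, both as root.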