22.14.2. Configure the Firewall Using the Command Line
NTP to pass through the firewall using the command line, issue the following command as
Note that this will restart the firewall as long as it has not been disabled with the
lokkit --port=123:udp --update
--disabled option. Active connections will be terminated and time out on the initiating machine.
When preparing a configuration file for multiple installations using administration tools, it is useful to edit the firewall configuration file directly. Note that any mistakes in the configuration file could have unexpected consequences, cause an error, and prevent the firewall setting from being applied. Therefore, check the
/etc/sysconfig/system-config-firewall file thoroughly after editing.
NTP to pass through the firewall, by editing the configuration file, become the
root user and add the following line to
--port=123:udpNote that these changes will not take effect until the firewall is reloaded or the system restarted.
220.127.116.11. Checking Network Access for Incoming NTP Using the Command Line
To check if the firewall is configured to allow incoming
NTP traffic for clients using the command line, issue the following command as root:
In this example taken from a default installation, the firewall is enabled but
# Configuration file for system-config-firewall
NTP has not been allowed to pass through. Once it is enabled, the following line appears as output in addition to the lines shown above:
To check if the firewall is currently allowing incoming
NTP traffic for clients, issue the following command as
iptables -L -n | grep 'udp.*123'
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123