firewall: allow udp/123 if ntpd is available.

2015-09-16 18:20:53 +02:00 · 2015-09-16 18:20:53 +02:00 · 3a21bf0eae
parent a9e353fe37
commit 3a21bf0eae
1 changed files with 9 additions and 7 deletions
--- a/8
+++ b/8
@ -205,9 +205,11 @@ fi
  $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 80 -m state --state NEW -m comment --comment "HTTP out"
  $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 443 -m state --state NEW -m comment --comment "HTTPS out"

-#  #### NTP
-#  $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 123 -m state --state NEW -m comment --comment "NTP"
-#
+  if [ $(command -v ntpd) ]; then
+    #### NTP
+    $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 123 -m state --state NEW -m comment --comment "NTP out"
+  fi
+
 #  #### Puppet (connection, ... )
 #  $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" --dport 8140 -m state --state NEW -m comment --comment "Puppet out"
  #### OpenPGP HTTP key server (add key, maj, ...)