allow time sync with AWS's NTP

themighty1
2021-12-09 11:37:12 +03:00
parent 292304909f
commit 199bf2e2e1
2 changed files with 3 additions and 1 deletions

2
server

Submodule server updated: e49a273b6d...e151f5b321


@@ -41,6 +41,8 @@ echo root:$pass2 | chpasswd
#using -I to insert rules to the top of the list, i.e. they will appear in iptables in reverse order
#allow only port 10011 and 10012 and localhost
iptables -I INPUT -j DROP
# allow time sync with AWS's NTP listening on link-local address
iptables -I INPUT -s 169.254.169.123 -j ACCEPT
iptables -I INPUT -p tcp --dport 10011 -j ACCEPT
iptables -I INPUT -p tcp --dport 10012 -j ACCEPT
#anti DoS: allow no more than 6 new connections every 40 seconds
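Review bot: The rule `iptables -I INPUT -s 169.254.169.123 -j ACCEPT` accepts every protocol and port from that source address, which is wider than the NTP replies its comment describes. The host is only an NTP client here, so the rule can be limited to UDP replies from port 123: `iptables -I INPUT -s 169.254.169.123 -p udp --sport 123 -j ACCEPT`. That way the exception above the final DROP exposes nothing but time sync, even if something else ever answers from that link-local address. The surrounding script continues outside the hunk, so I cannot tell whether a conntrack ESTABLISHED/RELATED rule elsewhere already covers these replies.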