From 73755ae4a951640f0686567f2e689408755f481c Mon Sep 17 00:00:00 2001
From: Joshua Boniface
Date: Thu, 25 Oct 2018 11:43:38 -0400
Subject: [PATCH] Allow NTP in to the router in NFT
---
 node-daemon/pvcd/VXNetworkInstance.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/node-daemon/pvcd/VXNetworkInstance.py b/node-daemon/pvcd/VXNetworkInstance.py
index acc1cab3..4fcde209 100644
--- a/node-daemon/pvcd/VXNetworkInstance.py
+++ b/node-daemon/pvcd/VXNetworkInstance.py
@@ -76,10 +76,11 @@ add rule inet filter forward ip daddr {netaddr} counter jump {vxlannic}-in
 add rule inet filter forward ip saddr {netaddr} counter jump {vxlannic}-out
 # Allow ICMP traffic into the router from network
 add rule inet filter input ip protocol icmp meta iifname {bridgenic} counter accept
-# Allow DNS and DHCP traffic into the router from network
+# Allow DNS, DHCP, and NTP traffic into the router from network
 add rule inet filter input tcp dport 53 meta iifname {bridgenic} counter accept
 add rule inet filter input udp dport 53 meta iifname {bridgenic} counter accept
 add rule inet filter input udp dport 67 meta iifname {bridgenic} counter accept
+add rule inet filter input udp dport 123 meta iifname {bridgenic} counter accept
 # Block traffic into the router from network
 add rule inet filter input meta iifname {bridgenic} counter drop
 """.format(
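Review bot: The added `udp dport 123` accept rule matches only on `meta iifname {bridgenic}`, so a datagram with any source address that arrives on the bridge reaches the router's NTP service, and NTP over UDP is a well-known reflection and amplification vector. If `{netaddr}` is the network's IPv4 prefix, as its use in the forward rules suggests, consider tying the rule to it: `add rule inet filter input ip saddr {netaddr} udp dport 123 meta iifname {bridgenic} counter accept`. The UDP 53 rule above has the same shape and could get the same treatment. It is also worth confirming that the NTP daemon on the router answers only time requests from these clients and has monitoring and control queries disabled, since this rule cannot tell the two apart. The rule template string starts and ends outside this hunk, so earlier rules in the chain are not visible here.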