From 62c9576df520bee025612d8916c2bccbe01ce9d3 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 24 Jun 2025 16:07:59 +0000
Subject: [PATCH] pf: Open NTP port from dna-gw hosts to clients

---
 roles/pf/templates/pf.conf.gw_dna.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/pf/templates/pf.conf.gw_dna.j2 b/roles/pf/templates/pf.conf.gw_dna.j2
index 1cfcf2b..56f19e9 100644
--- a/roles/pf/templates/pf.conf.gw_dna.j2
+++ b/roles/pf/templates/pf.conf.gw_dna.j2
@@ -62,6 +62,9 @@ pass in quick on $int_if proto tcp from $int_net to self port domain-s
 # allow tftp from internal net
 pass in quick on $int_if proto udp from $int_net to self port tftp
 
+# allow ntp from internal net
+pass in quick on $int_if proto udp from $int_net to self port ntp
+
 # allow http and https from outside
 pass in quick proto tcp from any to self port http
 pass in quick proto tcp from any to self port https