What Ports Need to be Opened for NTPD?

The Network Time Protocol Daemon (NTPD) is responsible for synchronizing the system clock with a remote NTP server. NTP uses the UDP protocol to communicate with other NTP servers. By default, NTP uses UDP port 123 to communicate with other NTP servers, while NTP clients utilize port 1023.

This article will illustrate the step-by-step procedure to open the ports for NTPD in Linux.

How to Configure Ports for NTPD Servers?

To open UDP port 123 for incoming traffic through the firewall, follow the steps below to configure the NTP server in Linux:

Step 1: Install NTP Package 

Before opening the ports for NTPD, it is necessary to install the NTP service in the operating system. For this, execute the below commands according to different Linux distributions:

$ sudo apt install ntp   # Ubuntu, Debian and LinuxMint
$ sudo yum install ntp   # CentOS
$ sudo dnf install ntp   # Fedora

The output shows that ntp, along with its dependent packages, has been installed in the operating system.

Step 2: Check the NTP Service

To check whether the NTP service is running on the Linux system, use the “systemctl” command with the “status” option:

$ sudo systemctl status ntp

The output shows that ntp services are in an active state.

Note: If the NTP service is not running, start it by executing the “sudo systemctl start ntp” command.

Step 3: Open UDP Port 123 in the Firewall

To allow incoming NTP traffic through the firewall, use the “iptables” command to open the port. For this, the “-p” option specifies the protocol to be UDP, “--dport” specifies the destination port to be 123, and “-j” specifies that the traffic should be accepted:

$ sudo iptables -A INPUT -p udp --dport 123 -j ACCEPT

Executing the above command adds a new rule to the INPUT chain of the iptables firewall that allows incoming UDP traffic to port 123.

Step 4: Save the Firewall Rules

To make the firewall rules persistent, users need to save them. For this, install the “iptables-persistent” package to save the current iptables rules:

$ sudo apt install iptables-persistent

This command installs the “iptables-persistent” package, which allows users to save the current iptables rules to a file.

When prompted to save the current rules, choose “Yes” to save them.

Step 5: Verify the Firewall Rules 

To verify that UDP port 123 is open, run the “iptables” command with the “-L” and “-n” options:

$ sudo iptables -L -n

This command lists all the current iptables rules. Users can see a rule that allows incoming UDP traffic to port 123.
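
The verification in Step 5 can also be scripted. The following is an added example, not part of the original article: a POSIX shell function that reads rule specifications in the format printed by “iptables -S INPUT” and reports each rule that accepts UDP port 123, marking whether it is open to any source or limited to a source network. The function name check_ntp_rules and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables -S INPUT` output for rules accepting NTP (UDP/123).
# Reads rule specs on stdin and prints one line per matching ACCEPT rule:
#   OPEN <rule>        accepts UDP/123 from any source
#   RESTRICTED <rule>  accepts UDP/123 only from the network given with -s
# Returns 0 if at least one matching rule exists, 1 otherwise.
# Limits: does not evaluate rule order (an earlier DROP may shadow a match)
# and does not parse multiport (--dports) rules.
check_ntp_rules() {
    found=1
    while IFS= read -r line; do
        padded=" $line "   # pad so every token is space-delimited
        case "$padded" in " -A INPUT "*) ;; *) continue ;; esac
        case "$padded" in *" -p udp "*) ;; *) continue ;; esac
        case "$padded" in *" --dport 123 "*) ;; *) continue ;; esac
        case "$padded" in *" -j ACCEPT "*) ;; *) continue ;; esac
        found=0
        case "$padded" in
            *" ! -s "*)        echo "OPEN $line" ;;        # negated source: still broad
            *" -s 0.0.0.0/0 "*) echo "OPEN $line" ;;
            *" -s "*)          echo "RESTRICTED $line" ;;
            *)                 echo "OPEN $line" ;;
        esac
    done
    return "$found"
}

# Constructed sample in `iptables -S INPUT` format (not captured from a real host).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT'

# Demo on the sample; on a live system: sudo iptables -S INPUT | check_ntp_rules
printf '%s\n' "$SAMPLE_RULES" | check_ntp_rules
```

The rule added in Step 3 is reported as OPEN because it has no source restriction; a rule written with “-s” and a trusted network is reported as RESTRICTED.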

How to Configure Ports for NTPD Clients?

To configure ports for NTPD clients in Linux, users need to modify the /etc/ntp.conf configuration file. Follow these steps to configure ports for NTPD clients:

Step 1: Open and Configure the /etc/ntp.conf File 

Open the /etc/ntp.conf file in the nano editor with root privileges. Locate the line that starts with the “restrict” keyword. This line defines the default access restrictions for incoming NTP packets.

$ sudo nano /etc/ntp.conf

Add the following line after the restrict line to specify the port number “1023” for incoming UDP traffic:

listen on ens33 1023 udp

Save the changes to the /etc/ntp.conf file and exit the text editor.

Step 2: Restart the NTP Service

Restart the NTP service for the changes to take effect. The “systemctl” command is utilized with the “restart” option as below:

$ sudo systemctl restart ntp

Hence, the ntp services have been restarted and NTP clients use the specified UDP port number.

Conclusion

By default, NTPD uses UDP port 123 for NTP servers and port 1023 for NTP clients. These ports need to be opened to allow incoming NTP traffic through the firewall. Doing so adds a new or updated rule to the iptables firewall that allows incoming UDP traffic. This article has illustrated step-by-step instructions to open the UDP port for NTP servers and clients in Linux.