Hi all!
I’m running VyOS nightly (1.4-rolling-202302010317), and have the following config for NTP:
admin@fw02# show service ntp | commands
set allow-client address '192.168.2.0/24'
set listen-address '0.0.0.0'
set server 0.pool.ntp.org
set server 1.pool.ntp.org
set server 2.pool.ntp.org
With that config, chronyd doesn’t open a port on UDP 0.0.0.0:123. I’ve discovered that when I delete the deny all line in /run/chrony/chrony.conf and restart chrony with systemctl restart chrony, chronyd correctly opens the port. From what I’ve tested, it does filter correctly without the deny all, but please verify that.
Please let me know if you need any more debugging/testing.
Thanks!
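An added example, not part of the original post and not VyOS or chrony code: a simplified IPv4-only model of chrony's documented allow/deny rules, where the `all` form overrides earlier directives inside its subnet and the NTP server port is opened only when some address is allowed. The generated file is not shown in the post, so the directive order in `ASSUMED_GENERATED` is an assumption, the sample configs are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples. The order in ASSUMED_GENERATED is an assumption.
ASSUMED_GENERATED = "allow 192.168.2.0/24\ndeny all\n"
WITHOUT_DENY_ALL = "allow 192.168.2.0/24\n"
DENY_ALL_FIRST = "deny all\nallow 192.168.2.0/24\n"


def effective_rules(conf_text):
    """Return the (network, allowed) rules still in force after parsing."""
    rules = []
    for line in conf_text.splitlines():
        words = line.split()
        if not words or words[0] not in ("allow", "deny"):
            continue  # other directives do not affect client access
        allowed = words[0] == "allow"
        args = words[1:]
        override = bool(args) and args[0] == "all"
        if override:
            args = args[1:]
        # No subnet given means every address (this model is IPv4 only).
        net = ipaddress.ip_network(args[0] if args else "0.0.0.0/0", strict=False)
        if override:
            # "allow all" / "deny all" discard earlier rules inside the subnet.
            rules = [(n, a) for n, a in rules if not n.subnet_of(net)]
        rules = [(n, a) for n, a in rules if n != net]  # same subnet: last wins
        rules.append((net, allowed))
    return rules


def client_allowed(rules, addr):
    """Most specific matching subnet decides; no match means denied."""
    ip = ipaddress.ip_address(addr)
    matches = [(n.prefixlen, a) for n, a in rules if ip in n]
    return max(matches)[1] if matches else False


def serves_any_client(rules):
    """False when no allow rule survives, so no client could be served."""
    return any(allowed for _, allowed in rules)


if __name__ == "__main__":
    for name in ("ASSUMED_GENERATED", "WITHOUT_DENY_ALL", "DENY_ALL_FIRST"):
        r = effective_rules(globals()[name])
        print(name, serves_any_client(r), client_allowed(r, "192.168.2.10"))
```

In this model a trailing `deny all` leaves no allowed address, while dropping it (or placing it first) keeps 192.168.2.0/24 allowed and everything else denied by default.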