X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/f513127acd3ccf2f6ec695ba5d9396739bd21aba..3e47a702519350809a38400b03b79d37abbc4d13:/functions.m4

diff --git a/functions.m4 b/functions.m4
index d059de6..2267af6 100644
--- a/functions.m4
+++ b/functions.m4
@@ -289,11 +289,12 @@ allowservices () {
 ## Add rules to CHAIN to allow NTP with NTPSERVERs.
 ntpclient () {
   set -e
-  chain=$1; shift
-  for ntp; do
-    run iptables -A $chain -s $ntp -j ACCEPT \
-	    -p udp --source-port 123 --destination-port 123
-  done
+  ntpchain=$1; shift
+
+  clearchain ntp-servers
+  for ntp; do run iptables -A ntp-servers -j ACCEPT -s $ntp; done
+  run iptables -A $ntpchain -j ntp-servers \
+	  -p udp --source-port 123 --destination-port 123
 }
 
 ## dnsresolver CHAIN