IPTables allow NTP time server

I am new to IPTables. I have an existing configuration that seems to be working fine. I'm not sure I know how to correctly add NTP to the rules in Chain RH-Firewall-1-INPUT. My goal is to add an additional rule that allows NTP into the server so that it can act as the NTP server for my network. Do I just need iptables -I RH-Firewall-1-INPUT -p udp --dport 123 -j ACCEPT and, of course, iptables save if it works? I'm not sure whether I should use -I (Insert) or -A (Append), or whether it is more complicated than that. Below is my existing configuration from iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:squid
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Answer 1

Given that your last rule is an unconditional REJECT, I would do it with -I, since appending it would create a rule that can never be reached. ntpd only communicates over udp/123, so allowing that traffic plus RELATED,ESTABLISHED is usually good enough on its own.
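As an added example (not part of the question or the answer above), the script below works out where the NTP rule should land so that it sits just above the chain's terminal REJECT rather than at the very top of the chain, and prints the commands to run. It parses the iptables -L listing from the question (embedded here as a constructed sample), so it runs without root and without touching the firewall; the optional source network 192.168.1.0/24 is an assumed value that restricts NTP clients to your own LAN, and the service iptables save step is the RHEL-family way to persist the rules.

```shell
#!/bin/sh
# Added example: compute the insert position for an NTP allow rule in the
# RH-Firewall-1-INPUT chain and print the commands. Nothing here modifies
# iptables; review the printed commands and run them as root.

CHAIN="RH-Firewall-1-INPUT"

# Constructed sample: the chain as listed by `iptables -L RH-Firewall-1-INPUT`
# in the question (header lines included, no --line-numbers).
SAMPLE_LISTING='Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:squid
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited'

# reject_position LISTING
# Prints the 1-based rule number of the first REJECT rule, i.e. the position
# an `iptables -I CHAIN N` must use so the new rule is evaluated before it.
# Prints 0 when the chain has no REJECT, in which case -A is safe to use.
reject_position() {
    printf '%s\n' "$1" | awk '
        NR <= 2 { next }                              # skip "Chain ..." and column header
        { rule++ }                                    # every remaining line is one rule
        $1 == "REJECT" { found = 1; print rule; exit }
        END { if (!found) print 0 }'
}

# ntp_rule_command LISTING [SOURCE_CIDR]
# Prints the iptables command that allows udp/123 into the chain, inserted
# above the terminal REJECT (or appended if there is none). SOURCE_CIDR is an
# assumed, optional restriction to the clients that should reach this server.
ntp_rule_command() {
    pos=$(reject_position "$1")
    src=""
    if [ -n "$2" ]; then
        src=" -s $2"
    fi
    if [ "$pos" -eq 0 ]; then
        printf 'iptables -A %s%s -p udp --dport 123 -j ACCEPT\n' "$CHAIN" "$src"
    else
        printf 'iptables -I %s %s%s -p udp --dport 123 -j ACCEPT\n' "$CHAIN" "$pos" "$src"
    fi
}

# Print the command for the sample chain, once open to any source and once
# limited to an assumed LAN, followed by the verification and persistence steps.
echo "# open to any client:"
ntp_rule_command "$SAMPLE_LISTING"
echo "# limited to the LAN (assumed 192.168.1.0/24):"
ntp_rule_command "$SAMPLE_LISTING" 192.168.1.0/24
echo "# verify the rule landed above the REJECT, then persist it (RHEL-family):"
echo "iptables -L $CHAIN -n --line-numbers"
echo "service iptables save"
```

For the sample chain the REJECT is rule 13, so the script emits iptables -I RH-Firewall-1-INPUT 13 ... rather than a bare -I, which would put the rule at position 1; both are reachable, but inserting just above the REJECT keeps the chain in the order system-config-firewall wrote it and makes the --line-numbers check easy to read.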
