📖 ~1 min read
Table of contents
Symptom & Impact
chronyc sources shows unreachable peers and system time diverges from reference clocks.
Environment & Reproduction
Outbound or inbound UDP 123 is denied in the active firewalld zone.
Root Cause Analysis
Check sudo firewall-cmd –list-services and chronyc sources -v for reachability details.
Quick Triage
Identify active interface zone mapping and confirm NTP requirement for that path.
Step-by-Step Diagnosis
Allow NTP using sudo firewall-cmd –add-service=ntp –permanent in the correct zone.
Solution – Primary Fix
Reload firewalld, restart chronyd if needed, and verify synchronization recovers.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Confirm chronyc tracking reports normal leap status and acceptable offsets.
Verification & Acceptance Criteria
Remove broad rules and keep only minimal NTP service exposure in required zones.
Rollback Plan
Incorporate NTP firewall policy checks into host validation runbooks.
Prevention & Hardening
Alert on chrony source reachability and firewall rule drift events.
Related Errors & Cross-Refs
Manage firewalld service entries through automated configuration pipelines.
Related tutorial: View the step-by-step tutorial for rhel-9.
View all rhel-9 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
See firewalld and chrony references for secure, reliable time synchronization on RHEL 9.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
