I tried to open my firewall up to NTP (client) using the "FW_ALLOW_INCOMING_HIGHPORTS_UDP" in the" firewall2.rc.config" file. This did not work. The problem is that when the NTP request is sent to the server (dest port 123) the response was coming back with a source port of 123 as well. The "FW_ALLOW_INCOMING_HIGHPORTS_UDP" permits NTP replies on source ports 1024-65535. I fixed it by adding the following rule to "firewall2-custom.rc.config"; iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p udp --sport ntp --dport ntp (Opinions on the security of this rule welcome.) Is this a promblem with the NTP software/configuration on the client or server or a problem with SuSEfirewall2? SuSEfirewall2 is commented as follows, regarding the "FW_ALLOW_INCOMING_HIGHPORTS_UDP" option; # Common: "DNS" or "domain ntp", better is "yes" to be sure ... rickey