From time to time, it's easy to get overly aggressive with firewall rules and lock down a service that your system depends on to function. NTP is one of those services that can be a pain to get working through an aggressive firewall.
There are a few options for allowing NTP traffic, depending on the type of setup you are running and on whether you are using a stateful firewall (aka connection tracking).
If you are running the standard ntpd daemon or ntpdate and no connection tracking/stateful firewalling...
iptables -A INPUT -p udp --sport 123 --dport 123 <optional: -s IP_Addr_Of_NTP_Server> -j ACCEPT
iptables -A OUTPUT -p udp --sport 123 --dport 123 <optional: -d IP_Addr_Of_NTP_Server> -j ACCEPT
(Note that the above, without the -s flag on the INPUT rule, will allow anyone to query your NTP server unless you have specifically refused them in ntp.conf.)
If you are running the standard ntpd daemon or ntpdate with connection tracking/stateful firewalling...
iptables -A OUTPUT -p udp --dport 123 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 123 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
As you can see, access is much easier to control with conntrack: the firewall keeps track of packets in and out and allows the return packets as appropriate. If you want to allow incoming NTP connections from other hosts, add NEW to the --ctstate list on the INPUT rule.
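To see the difference between the two rule pairs, the following added example (not part of the original post) runs the same three packets through a simplified model of each. The addresses are constructed from documentation ranges, and the connection-tracking model is an assumption that ignores timeouts and RELATED; it is not netfilter itself.

```python
from collections import namedtuple

# Constructed sample packets; addresses come from documentation ranges.
Pkt = namedtuple("Pkt", "direction src sport dst dport")
HOST, SERVER, STRANGER = "192.0.2.10", "198.51.100.5", "203.0.113.77"
TRAFFIC = [
    Pkt("out", HOST, 123, SERVER, 123),    # our query
    Pkt("in", SERVER, 123, HOST, 123),     # the server's reply
    Pkt("in", STRANGER, 123, HOST, 123),   # unsolicited packet from a third party
]

def stateless_accept(pkt, server=None):
    """Stateless pair: sport 123 and dport 123, plus the optional -s/-d peer."""
    if pkt.sport != 123 or pkt.dport != 123:
        return False
    peer = pkt.src if pkt.direction == "in" else pkt.dst
    return server is None or peer == server

def stateful_accept(flows, pkt, allow_new_in=False):
    """Conntrack pair; flows maps an original-direction tuple to 'reply seen'."""
    fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
    established = rev in flows or flows.get(fwd, False)
    if pkt.direction == "out":
        ok = pkt.dport == 123                      # NEW,ESTABLISHED,RELATED
    else:
        ok = pkt.sport == 123 and (established or allow_new_in)
    if ok:                                         # only accepted packets are tracked
        if rev in flows:
            flows[rev] = True
        else:
            flows.setdefault(fwd, False)
    return ok

def verdicts(mode, traffic=TRAFFIC, **opts):
    """Run the traffic through one rule set, in order, and list accept/drop."""
    if mode == "stateless":
        return [stateless_accept(p, **opts) for p in traffic]
    flows = {}
    return [stateful_accept(flows, p, **opts) for p in traffic]

if __name__ == "__main__":
    print("stateless, no -s :", verdicts("stateless"))
    print("stateless, -s/-d :", verdicts("stateless", server=SERVER))
    print("conntrack        :", verdicts("conntrack"))
    print("conntrack + NEW  :", verdicts("conntrack", allow_new_in=True))
```

Only the stateless pair without -s and the conntrack pair with NEW on INPUT accept the third packet; the plain conntrack pair drops it without needing to know the server's address.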