remove ntp firewall rule

[JC-wk]

Resolves #4703

What is being addressed

Remove the network rule collection containing the default allow all rule to UDP 123

Why

Workspaces by default block outbound UDP however the core subnets do not.
The linux vm's in the core subnet use chronyd to synchronize against the Azure host rather than an external NTP time source.
The rule being a wildcard also presents a risk of it being used for data exfiltration.

Users can audit NTP by running the following in their primary log analytics workspace (log-TREName)

AZFWNetworkRule 
| where Protocol == "UDP" and DestinationPort == "123" 
| summarize by SourceIp, DestinationIp

I have done this and only the admin Jumpbox was using it however it does not require it due to it also supporting the host sync method.

TRE's requiring NTP

If a TRE requires NTP for non-core purposes such as to sync with domain controller this can be achieved in either of the following ways:

1. Create a shared service containing the required firewall rule in terraform.
2. Add the rule to the Template pipeline of the service they are deploying (see https://microsoft.github.io/AzureTRE/unreleased/tre-templates/pipeline-templates/pipeline-schema/)

[github-actions]

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 6d47507.

♻️ This comment has been updated with latest results.

[james-annages]

LGTM

[tamirkamara]

/test-extended 6d47507

[github-actions]

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/18693935782 (with refid f23a3a7b)

(in response to this comment from @tamirkamara)

[github-actions]

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/18693935782 (with refid f23a3a7b)

(in response to this comment from @tamirkamara)

[tamirkamara]

/test-destroy-env

[github-actions]

Destroying branch test environment (RG: rg-tre22a1cade)... (run: https://github.com/microsoft/AzureTRE/actions/runs/18706944417)

[github-actions]

Branch test environment destroy complete (RG: rg-tre22a1cade)

[github-actions]

Destroying PR test environment (RG: rg-tref23a3a7b)... (run: https://github.com/microsoft/AzureTRE/actions/runs/18706944417)

[github-actions]

PR test environment destroy complete (RG: rg-tref23a3a7b)

[tamirkamara]

/test-extended

[github-actions]

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/18707546077 (with refid f23a3a7b)

(in response to this comment from @tamirkamara)

[tamirkamara]

/test-force-approve

[github-actions]

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 6d47507)

(in response to this comment from @tamirkamara)