Hello,
You have these terms in the lo0.0 filter:
term allow-dns-traffic {
    from {
        source-address {
            208.67.222.222/32;
            208.67.220.220/32;
        }
        protocol [ tcp udp ];
        source-port 1024-65535;
        destination-port domain;
    }
    then accept;
}
term allow-ntp-traffic {
    from {
        source-address {
            129.6.15.28/32;
        }
        protocol udp;
        source-port 1024-65535;
        destination-port ntp;
    }
    then accept;
}
The FW filter on lo0.0 processes traffic _inbound_ to the Routing Engine.
DNS query replies from the server have source port 53 and destination port of either 53 or 1024-65535.
NTP replies from the NTP server have source port 123 and destination port 123 or 1024-65535 after NAT.
I think you should reverse the source and destination port definitions above.
HTH
Regards
Alex
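
Added example (not part of the original post, and not Junos code): a small Python model of how the two terms match reply packets arriving at lo0.0, with the ports as posted and with source and destination ports reversed. The packets, the ephemeral port values and the helper names are constructed for illustration; only the addresses, protocols and port definitions come from the terms above.

```python
from ipaddress import ip_address, ip_network

EPHEMERAL = range(1024, 65536)          # "1024-65535" in the posted terms
DOMAIN, NTP = {53}, {123}               # Junos port aliases "domain" and "ntp"
DNS_SERVERS = ["208.67.222.222/32", "208.67.220.220/32"]
NTP_SERVERS = ["129.6.15.28/32"]

def term(sources, protocols, sport, dport):
    """One filter term: all 'from' conditions must match (logical AND)."""
    return {"src": [ip_network(s) for s in sources], "proto": set(protocols),
            "sport": sport, "dport": dport}

def matches(t, pkt):
    return (any(ip_address(pkt["src"]) in net for net in t["src"])
            and pkt["proto"] in t["proto"]
            and pkt["sport"] in t["sport"]
            and pkt["dport"] in t["dport"])

def accepted(terms, pkt):
    """True if any of the modelled terms accepts the packet."""
    return any(matches(t, pkt) for t in terms)

# Terms exactly as posted: source-port 1024-65535, destination-port domain/ntp.
AS_POSTED = [term(DNS_SERVERS, ["tcp", "udp"], EPHEMERAL, DOMAIN),
             term(NTP_SERVERS, ["udp"], EPHEMERAL, NTP)]
# Same terms with the source and destination port definitions swapped.
REVERSED = [term(DNS_SERVERS, ["tcp", "udp"], DOMAIN, EPHEMERAL),
            term(NTP_SERVERS, ["udp"], NTP, EPHEMERAL)]

# Constructed reply packets as seen inbound to the Routing Engine.
DNS_REPLY = {"src": "208.67.222.222", "proto": "udp", "sport": 53, "dport": 49152}
NTP_REPLY_NAT = {"src": "129.6.15.28", "proto": "udp", "sport": 123, "dport": 40000}
NTP_REPLY_123 = {"src": "129.6.15.28", "proto": "udp", "sport": 123, "dport": 123}

def report():
    """Map each sample packet to (accepted as posted, accepted when reversed)."""
    samples = {"dns_reply": DNS_REPLY, "ntp_reply_nat": NTP_REPLY_NAT,
               "ntp_reply_123": NTP_REPLY_123}
    return {name: (accepted(AS_POSTED, p), accepted(REVERSED, p))
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, (posted, rev) in report().items():
        print(f"{name:14} as_posted={posted!s:5} reversed={rev}")
```

In this model a reply with destination port 123 is matched by neither variant, so a term meant to accept it would also need that port in its destination-port match.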