IP camera with disabled internet from traffic rules can't get date

Allowing UDP 123 is not secure enough if you really want to disable internet access. Also, the fact that it actually worked without also allowing DNS is already worrying. If we (rather safely) assume that the NTP server IP is not hardcoded in the camera, that means that the camera actually successfully resolved a DNS query, probably through the OpenWrt device itself as a relay. This could allow data exfiltration through DNS. Yes, quite unlikely, but possible. Please disable DNS resolution for your camera's IP.

The proper way would be to sniff the camera's traffic to see which NTP server (by DNS name) it is trying to reach. Then, use OpenWrt (or Pi-hole, whatever you are using as DNS) to resolve that query to your OpenWrt device, which should be set up to act as an NTP relay.

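A sketch of the "sniff, then override" step from the post above, added here as an example and not part of the original post: it decodes the host names in captured UDP/53 query payloads and formats a dnsmasq `address=` override for a name you pick. The router address `192.168.1.1`, the `example.com`/`example.net` names and the helper names are assumptions; the sample payloads are constructed.

```python
import struct

ROUTER_IP = "192.168.1.1"  # assumption: LAN address of the OpenWrt device

def build_query(name, qtype=1):
    """Build a DNS query payload; used only to construct the sample input."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_query(payload):
    """Return (qname, qtype) of the first question, or None if not a valid query."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set means response, not query
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:                    # root label terminates the name
            if pos + 4 > len(payload):
                return None
            qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
            return ".".join(labels).lower(), qtype
        if length > 63 or pos + length > len(payload):
            return None                    # pointer/invalid length or truncated
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None

def queried_names(payloads):
    """Unique host names asked for in A (1) or AAAA (28) queries."""
    parsed = (parse_query(p) for p in payloads)
    return sorted({q[0] for q in parsed if q and q[1] in (1, 28)})

def override_line(name, router_ip=ROUTER_IP):
    """dnsmasq option that answers `name` with the router's own address."""
    return f"address=/{name}/{router_ip}"

# Constructed sample: UDP/53 payloads as they might be captured from the camera.
SAMPLE = [build_query("Time.Example.com"), build_query("cloud.example.net", 28),
          build_query("time.example.com"), build_query("time.example.com")[:20]]

if __name__ == "__main__":
    for n in queried_names(SAMPLE):
        print(n, "->", override_line(n))
```

Only the name that turns out to be the camera's NTP server needs the override; any other names in the list show what else the camera tries to resolve.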