[Solved] Allow apt in nftables

SpongeB0B

Hi everyone,

I'm trying to do an apt --update but I get ->

Could not connect to deb.devuan.org:80 (185.38.15.81), connection timed out
Could not connect to deb.devuan.org:80 (185.183.113.131), connection timed out
Could not connect to deb.devuan.org:80 (131.188.12.211), connection timed out
....

So the DNS resolution is passing but not the connection to deb.devuan.org:80 :(

It's my nftables that blocks it, but I don't know what to open to allow the connection.

Here is my nftables:

Bash:
table ip6 Tip6 {
    chain chPR {
        type filter hook prerouting priority 0; policy drop;
    }
}

table ip Tip {

    chain chIN {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname lo accept
    }
    chain chFW {
        type filter hook forward priority 0; policy drop;
    }
    chain chOUT {
        type filter hook output priority 0; policy drop;
        udp dport 53 accept
        ct state established,related accept
    }
}
 


f33dm3bits

You will probably need to add an exception for port 80 and 443 in "chain chOUT"
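
The exception suggested above, written into the ruleset from the first post (an added example, not posted by either participant). The only changes are the `tcp dport` rule in `chOUT`, plus two assumptions that are not from the thread: a leading `flush ruleset` so the file loads as the complete ruleset, and a rate-limited log rule with a made-up prefix that shows what the drop policy still catches.

```nftables
# Added example: ruleset from the first post plus the suggested exception.
flush ruleset   # assumption: this file is the whole ruleset

table ip6 Tip6 {
    chain chPR {
        type filter hook prerouting priority 0; policy drop;
    }
}

table ip Tip {
    chain chIN {
        type filter hook input priority 0; policy drop;
        # Replies to the outbound HTTP/HTTPS connections come back in here.
        ct state established,related accept
        iifname lo accept
    }
    chain chFW {
        type filter hook forward priority 0; policy drop;
    }
    chain chOUT {
        type filter hook output priority 0; policy drop;
        udp dport 53 accept
        ct state established,related accept
        # New: let apt open connections to mirrors on 80 (the port in the
        # timeouts above) and 443.
        tcp dport { 80, 443 } ct state new accept
        # Assumption, not from the thread: log what the drop policy still
        # catches, rate-limited, so the next missing exception is visible.
        limit rate 5/minute log prefix "chOUT-drop: "
    }
}
```

The file can be syntax-checked with `nft -c -f <file>` before it is loaded; packets still dropped on output then appear in the kernel log under the `chOUT-drop: ` prefix.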
 

f33dm3bits

Why are you blocking outgoing connections by default unless whitelisted?
 