[Solved] Allow apt in nftables

SpongeB0B

Hi everyone,

I'm trying to do an apt --update but I get ->

Could not connect to deb.devuan.org:80 (185.38.15.81), connection timed out
Could not connect to deb.devuan.org:80 (185.183.113.131), connection timed out
Could not connect to deb.devuan.org:80 (131.188.12.211), connection timed out
....

So the DNS resolution is passing but not the connection to deb.devuan.org:80 :(

It's my nftables that blocks it, but I don't know what to open to allow the connection.

Here is my nftables:

Bash:
table ip6 Tip6 {
    chain chPR {
        type filter hook prerouting priority 0; policy drop;
    }
}

table ip Tip {

    chain chIN {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname lo accept       
    }
    chain chFW {
        type filter hook forward priority 0; policy drop;
    }
    chain chOUT {
        type filter hook output priority 0; policy drop;
        udp dport 53 accept
        ct state established,related accept
    }
}
 


f33dm3bits

You will probably need to add an exception for ports 80 and 443 in "chain chOUT".
 
SpongeB0B

Thank you @f33dm3bits !
I was writing an exception for 80, so I added 443 too (thanks, it seems to be working).


Bash:
tcp dport { 80, 443 } ip daddr { 185.38.15.81, 185.183.113.131, 131.188.12.211 } accept
 

f33dm3bits

Why are you blocking outgoing connections by default unless they are whitelisted?
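An added example, not the thread's own ruleset: the same default-deny egress layout the OP uses, but the apt exception matches the owning process user rather than a hard-coded list of mirror addresses, which goes stale as soon as deb.devuan.org round-robins to a different mirror. It assumes apt's fetch methods run as the _apt user (the case on Debian/Devuan apt 1.1 and later) and that mirrors are reached on 80/443.

```shell
#!/bin/sh
# Added example, not the thread's own ruleset. Same default-deny layout as the
# OP's, but the apt exception matches the _apt user (assumed: apt >= 1.1 drops
# to "_apt" for its fetch methods) instead of a hand-maintained mirror IP list.
set -eu

write_ruleset() {   # $1 = path of the .nft file to write
    cat > "$1" <<'EOF'
flush ruleset

table ip6 Tip6 {
    chain chPR {
        type filter hook prerouting priority 0; policy drop;
    }
}

table ip Tip {
    chain chIN {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname lo accept
    }
    chain chFW {
        type filter hook forward priority 0; policy drop;
    }
    chain chOUT {
        type filter hook output priority 0; policy drop;
        oifname lo accept
        ct state established,related accept
        # DNS over UDP and TCP (answers larger than 512 bytes retry over TCP)
        udp dport 53 accept
        tcp dport 53 accept
        # apt: new HTTP/HTTPS connections, but only when opened by the _apt user
        meta skuid "_apt" tcp dport { 80, 443 } ct state new accept
        # anything else hits the drop policy; log it so the next timeout is explainable
        log prefix "nft-out-drop: " counter
    }
}
EOF
}

# Offline sanity check (brace balance) for hosts without nft; returns 0 if balanced.
check_ruleset_offline() {
    opens=$(grep -o '{' "$1" | wc -l | tr -d ' ')
    closes=$(grep -o '}' "$1" | wc -l | tr -d ' ')
    [ "$opens" -eq "$closes" ]
}

# Dry-run parse with nft itself (-c), then load the file atomically; both need root.
apply_ruleset() {
    nft -c -f "$1" && nft -f "$1"
}
```

Dropped packets show up in the kernel log with the "nft-out-drop:" prefix, which is the first place to look when apt times out again.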
 