[Solved] Allow apt in nftables

SpongeB0B

Hi everyone,

I'm trying to do an apt --update but I get ->

Could not connect to deb.devuan.org:80 (185.38.15.81), connection timed out
Could not connect to deb.devuan.org:80 (185.183.113.131), connection timed out
Could not connect to deb.devuan.org:80 (131.188.12.211), connection timed out
....

So the DNS resolution is passing but not the connection to deb.devuan.org:80 :(

It's my nftables that blocks it, but I don't know what to open to allow the connection.

Here is my nftables:

Bash:
table ip6 Tip6 {
    chain chPR {
        type filter hook prerouting priority 0; policy drop;
    }
}

table ip Tip {

    chain chIN {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname lo accept       
    }
    chain chFW {
        type filter hook forward priority 0; policy drop;
    }
    chain chOUT {
        type filter hook output priority 0; policy drop;
        udp dport 53 accept
        ct state established,related accept
    }
}
 


You will probably need to add an exception for port 80 and 443 in "chain chOUT"
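
The exception suggested above, written out against the posted ruleset (an added example, not part of the original thread). Table and chain names are the poster's; the `counter` and the rate-limited `log` rule are additions assumed here so the chain shows what it accepts and what it still drops.

```nftables
# Body of "chain chOUT" in "table ip Tip"; chIN, chFW and the ip6 table
# stay as posted. Merge this into the existing ruleset file instead of
# loading it on top of the live ruleset: nft -f would append these rules
# to the chain that is already there.
table ip Tip {
    chain chOUT {
        type filter hook output priority 0; policy drop;

        # Packets of flows that were already accepted.
        ct state established,related accept

        # DNS lookups (already allowed, which is why name resolution worked).
        udp dport 53 accept

        # The first packet of an apt download is a TCP SYN to port 80 in
        # conntrack state "new". Nothing in the posted chain matched it, so
        # "policy drop" discarded it silently and apt reported a timeout
        # rather than a refused connection. Allow new outbound HTTP/HTTPS;
        # the counter shows whether the rule is being hit.
        tcp dport { 80, 443 } ct state new counter accept

        # Everything else still falls through to policy drop. Log a sample
        # of it to the kernel log so the next blocked destination is visible.
        limit rate 5/minute log prefix "chOUT drop: "
    }
}

# Checks (run as root):
#   nft -c -f <ruleset file>       parse the file without applying it
#   nft list chain ip Tip chOUT    show the loaded rules and the counter
```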
 
Why are you blocking outgoing connections by default unless whitelisted?
 
