
I have to block all outgoing connections on ports that are not used, but I can not find the port used by pacman to synchronize and update/install packages. On the internet, I found that pacman uses either HTTP or FTP protocols depending on the repos, so when I allow only those protocols using iptables and try to install a package I receive connection related errors.

Does pacman use dynamic ports or specific ports?

Here is an example of what I was doing:
The OS is in a VM.
This version of Arch.

user@archlinux ~> sudo iptables -F
user@archlinux ~> sudo iptables -A OUTPUT -p TCP --sport 1:500 -j ACCEPT
user@archlinux ~> sudo iptables -A OUTPUT -p TCP --sport 4242 -j ACCEPT # My ssh connection
user@archlinux ~> sudo iptables -A OUTPUT -p UDP --sport 1:500 -j ACCEPT
user@archlinux ~> sudo iptables -A OUTPUT -j DROP
user@archlinux ~> sudo pacman -S mariadb
resolving dependencies...
looking for conflicting packages...

Packages (5) jemalloc-1:5.2.0-1  lzo-2.10-2  mariadb-clients-10.4.6-1  mariadb-libs-10.4.6-1  mariadb-10.4.6-1

Total Download Size:   45.61 MiB
Total Installed Size:  290.92 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from mirror.xtom.com.hk : Could not resolve host: mirror.xtom.com.hk
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from archlinux.surlyjake.com : Could not resolve host: archlinux.surlyjake.com
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from mirror.datacenter.by : Could not resolve host: mirror.datacenter.by
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from archlinux.za.mirror.allworldit.com : Could not resolve host: archlinux.za.mirror.allworldit.com
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from archlinux.iskon.hr : Could not resolve host: archlinux.iskon.hr
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from ftp.vectranet.pl : Could not resolve host: ftp.vectranet.pl
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from mirror.netcologne.de : Could not resolve host: mirror.netcologne.de
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from mirror.0x.sg : Could not resolve host: mirror.0x.sg
error: failed retrieving file 'lzo-2.10-2-x86_64.pkg.tar.xz' from mirror.umd.edu : Could not resolve host: mirror.umd.edu



Thank you in advance.

Comment: Your examples filter outbound connections based on their source port, not outbound connections based on their destination port. This is rather uncommon and does not really make sense security-wise. Are you sure this is what you want? Commented Jun 30, 2019 at 21:31

2 Answers


I think there is a problem with the DNS resolving. You have to allow port 53 UDP outgoing for DNS. Best regards.


pacman uses HTTP and HTTPS for downloading packages. Which one depends on the contents of your /etc/pacman.d/mirrorlist.
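The two answers and the comment together describe the fix: derive the destination ports from the mirrorlist (80 for http mirrors, 443 for https ones, plus any explicit port in the URL), add port 53 for the DNS lookups that were failing above, and match on `--dport` rather than `--sport`. The following script is an added illustration, not code from the question or either answer. It assumes the standard `Server = URL` format of `/etc/pacman.d/mirrorlist`, uses a constructed sample mirrorlist with `.invalid` hostnames, and only builds the iptables commands as strings rather than applying them, so it runs without root.

```python
"""Derive the outbound (destination-port) iptables rules pacman needs.

Added example, not code from the question or the answers.  Assumes the
mirrorlist uses "Server = URL" lines and that name resolution talks to a
DNS resolver on port 53.
"""
from urllib.parse import urlparse

# Constructed sample mirrorlist: one https mirror, one http mirror, one
# commented-out entry, and one http mirror on a non-default port.
SAMPLE_MIRRORLIST = """\
## Arch Linux repository mirrorlist (constructed sample)
#Server = http://mirror-old.example.invalid/archlinux/$repo/os/$arch
Server = https://mirror-a.example.invalid/archlinux/$repo/os/$arch
Server = http://mirror-b.example.invalid/archlinux/$repo/os/$arch
Server = http://mirror-c.example.invalid:8080/archlinux/$repo/os/$arch
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def mirror_endpoints(mirrorlist_text):
    """Return (scheme, host, port) for every active 'Server =' line."""
    endpoints = []
    for raw in mirrorlist_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled mirror
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "Server":
            continue  # not a mirror definition
        url = urlparse(value.strip())
        if url.scheme not in DEFAULT_PORTS:
            raise ValueError(f"unsupported mirror scheme: {url.scheme!r}")
        port = url.port or DEFAULT_PORTS[url.scheme]  # explicit port wins
        endpoints.append((url.scheme, url.hostname, port))
    return endpoints


def required_ports(mirrorlist_text):
    """Destination (proto, port) pairs pacman needs to reach.

    DNS is always included: the 'Could not resolve host' errors in the
    question come from blocked lookups, not from the HTTP transfer itself.
    TCP 53 is added because resolvers fall back to it for large answers.
    """
    ports = {("udp", 53), ("tcp", 53)}
    for _scheme, _host, port in mirror_endpoints(mirrorlist_text):
        ports.add(("tcp", port))
    return ports


def egress_rules(ports):
    """Build an OUTPUT chain filtered by destination port, as command strings.

    Replies belonging to inbound sessions (the SSH session the question
    matched with --sport 4242) are covered by the ESTABLISHED,RELATED rule,
    so no per-service source-port rule is needed.
    """
    rules = [
        "iptables -F OUTPUT",
        "iptables -A OUTPUT -o lo -j ACCEPT",
        "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for proto, port in sorted(ports):
        rules.append(f"iptables -A OUTPUT -p {proto} --dport {port} -j ACCEPT")
    rules.append("iptables -A OUTPUT -j DROP")
    return rules


if __name__ == "__main__":
    for endpoint in mirror_endpoints(SAMPLE_MIRRORLIST):
        print("mirror:", endpoint)
    for rule in egress_rules(required_ports(SAMPLE_MIRRORLIST)):
        print(rule)
```

Running it against the real file (`required_ports(open("/etc/pacman.d/mirrorlist").read())`) tells you exactly which destination ports your chosen mirrors use; the generated chain accepts only those, plus DNS, and drops everything else. The `ESTABLISHED,RELATED` rule is what keeps the SSH session alive once the default policy becomes DROP.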
