How do I block outgoing ports in Firewalld and allow specific ports like 80, 443, etc ?
I don’t think there is a simple push button way in the GUI to block outgoing ports unless it was added recently.
Last time I needed to do that I had to add custom rules.
GUFW allows blocking of outgoing ports pretty easily but unfortunately ufw can’t comntrol NFTABLES.
It can if you install iptables-nft
However, you don’t want to mix ufw and firewalld and if you switch to ufw to easily block outbound ports you lose the inbound flexibility and simplicity of firewalld.
It wasn’t that hard to make the rules in firewalld. I am not in front of the machine where I did that right now to share the rules with you but I can take a look tomorrow.
1 Like
In an old thread I asked if there’s a way to confirm if I am using IPTABLES or NFTABLES. That thread is locked so I am asking again. This time the result of sudo iptables -L
is different so I am once again confused.
table ip filter {
chain INPUT {
type filter hook input priority filter; policy drop;
counter packets 10714 bytes 13776702 jump ufw-before-logging-input
counter packets 10714 bytes 13776702 jump ufw-before-input
counter packets 0 bytes 0 jump ufw-after-input
counter packets 0 bytes 0 jump ufw-after-logging-input
counter packets 0 bytes 0 jump ufw-reject-input
counter packets 0 bytes 0 jump ufw-track-input
}
chain FORWARD {
type filter hook forward priority filter; policy drop;
counter packets 0 bytes 0 jump ufw-before-logging-forward
counter packets 0 bytes 0 jump ufw-before-forward
counter packets 0 bytes 0 jump ufw-after-forward
counter packets 0 bytes 0 jump ufw-after-logging-forward
counter packets 0 bytes 0 jump ufw-reject-forward
counter packets 0 bytes 0 jump ufw-track-forward
}
chain OUTPUT {
type filter hook output priority filter; policy drop;
counter packets 8625 bytes 690279 jump ufw-before-logging-output
counter packets 8625 bytes 690279 jump ufw-before-output
counter packets 80 bytes 6890 jump ufw-after-output
counter packets 80 bytes 6890 jump ufw-after-logging-output
counter packets 80 bytes 6890 jump ufw-reject-output
counter packets 80 bytes 6890 jump ufw-track-output
}
chain ufw-before-logging-input {
}
chain ufw-before-logging-output {
}
chain ufw-before-logging-forward {
}
chain ufw-before-input {
iifname "lo" counter packets 6 bytes 1326 accept
# xt_conntrack counter packets 10708 bytes 13775376 accept
# xt_conntrack counter packets 0 bytes 0 jump ufw-logging-deny
# xt_conntrack counter packets 0 bytes 0 drop
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw-not-local
meta l4proto udp ip daddr 224.0.0.251 # xt_udp counter packets 0 bytes 0 accept
meta l4proto udp ip daddr 239.255.255.250 # xt_udp counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw-user-input
}
chain ufw-before-output {
oifname "lo" counter packets 8 bytes 1406 accept
# xt_conntrack counter packets 8368 bytes 671445 accept
counter packets 249 bytes 17428 jump ufw-user-output
}
chain ufw-before-forward {
# xt_conntrack counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw-user-forward
}
chain ufw-after-input {
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
# xt_addrtype counter packets 0 bytes 0 jump ufw-skip-to-policy-input
}
chain ufw-after-output {
}
chain ufw-after-forward {
}
chain ufw-after-logging-input {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw-after-logging-output {
limit rate 3/minute burst 10 packets counter packets 42 bytes 4002 # xt_LOG
}
chain ufw-after-logging-forward {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw-reject-input {
}
chain ufw-reject-output {
}
chain ufw-reject-forward {
}
chain ufw-track-input {
}
chain ufw-track-output {
}
chain ufw-track-forward {
}
chain ufw-logging-deny {
# xt_conntrack limit rate 3/minute burst 10 packets counter packets 0 bytes 0 return
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw-logging-allow {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw-skip-to-policy-input {
counter packets 0 bytes 0 drop
}
chain ufw-skip-to-policy-output {
counter packets 0 bytes 0 drop
}
chain ufw-skip-to-policy-forward {
counter packets 0 bytes 0 drop
}
chain ufw-not-local {
# xt_addrtype counter packets 0 bytes 0 return
# xt_addrtype counter packets 0 bytes 0 return
# xt_addrtype counter packets 0 bytes 0 return
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 jump ufw-logging-deny
counter packets 0 bytes 0 drop
}
chain ufw-user-input {
}
chain ufw-user-output {
meta l4proto tcp # xt_tcp counter packets 8 bytes 480 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 101 bytes 6458 accept
meta l4proto tcp # xt_tcp counter packets 59 bytes 3540 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 1 bytes 60 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
}
chain ufw-user-forward {
}
chain ufw-user-logging-input {
}
chain ufw-user-logging-output {
}
chain ufw-user-logging-forward {
}
chain ufw-user-limit {
limit rate 3/minute counter packets 0 bytes 0 # xt_LOG
counter packets 0 bytes 0 # xt_REJECT
}
chain ufw-user-limit-accept {
counter packets 0 bytes 0 accept
}
}
table ip6 filter {
chain INPUT {
type filter hook input priority filter; policy drop;
counter packets 36 bytes 3410 jump ufw6-before-logging-input
counter packets 36 bytes 3410 jump ufw6-before-input
counter packets 0 bytes 0 jump ufw6-after-input
counter packets 0 bytes 0 jump ufw6-after-logging-input
counter packets 0 bytes 0 jump ufw6-reject-input
counter packets 0 bytes 0 jump ufw6-track-input
}
chain FORWARD {
type filter hook forward priority filter; policy drop;
counter packets 0 bytes 0 jump ufw6-before-logging-forward
counter packets 0 bytes 0 jump ufw6-before-forward
counter packets 0 bytes 0 jump ufw6-after-forward
counter packets 0 bytes 0 jump ufw6-after-logging-forward
counter packets 0 bytes 0 jump ufw6-reject-forward
counter packets 0 bytes 0 jump ufw6-track-forward
}
chain OUTPUT {
type filter hook output priority filter; policy drop;
counter packets 89 bytes 7894 jump ufw6-before-logging-output
counter packets 89 bytes 7894 jump ufw6-before-output
counter packets 41 bytes 4044 jump ufw6-after-output
counter packets 41 bytes 4044 jump ufw6-after-logging-output
counter packets 41 bytes 4044 jump ufw6-reject-output
counter packets 41 bytes 4044 jump ufw6-track-output
}
chain ufw6-before-logging-input {
}
chain ufw6-before-logging-output {
}
chain ufw6-before-logging-forward {
}
chain ufw6-before-input {
iifname "lo" counter packets 2 bytes 152 accept
# xt_rt counter packets 0 bytes 0 drop
# xt_conntrack counter packets 16 bytes 2050 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
# xt_conntrack counter packets 0 bytes 0 jump ufw6-logging-deny
# xt_conntrack counter packets 0 bytes 0 drop
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 4 bytes 256 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 7 bytes 504 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 7 bytes 448 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto udp ip6 saddr fe80::/10 ip6 daddr fe80::/10 # xt_udp counter packets 0 bytes 0 accept
meta l4proto udp ip6 daddr ff02::fb # xt_udp counter packets 0 bytes 0 accept
meta l4proto udp ip6 daddr ff02::f # xt_udp counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw6-user-input
}
chain ufw6-before-output {
oifname "lo" counter packets 2 bytes 152 accept
# xt_rt counter packets 0 bytes 0 drop
# xt_conntrack counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 1 bytes 48 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 7 bytes 448 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 8 bytes 576 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 14 bytes 1344 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
counter packets 57 bytes 5326 jump ufw6-user-output
}
chain ufw6-before-forward {
# xt_rt counter packets 0 bytes 0 drop
# xt_conntrack counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw6-user-forward
}
chain ufw6-after-input {
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
}
chain ufw6-after-output {
}
chain ufw6-after-forward {
}
chain ufw6-after-logging-input {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw6-after-logging-output {
limit rate 3/minute burst 10 packets counter packets 37 bytes 3664 # xt_LOG
}
chain ufw6-after-logging-forward {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw6-reject-input {
}
chain ufw6-reject-output {
}
chain ufw6-reject-forward {
}
chain ufw6-track-input {
}
chain ufw6-track-output {
}
chain ufw6-track-forward {
}
chain ufw6-logging-deny {
# xt_conntrack limit rate 3/minute burst 10 packets counter packets 0 bytes 0 return
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw6-logging-allow {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw6-skip-to-policy-input {
counter packets 0 bytes 0 drop
}
chain ufw6-skip-to-policy-output {
counter packets 0 bytes 0 drop
}
chain ufw6-skip-to-policy-forward {
counter packets 0 bytes 0 drop
}
chain ufw6-user-input {
}
chain ufw6-user-output {
meta l4proto tcp # xt_tcp counter packets 11 bytes 880 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 1 bytes 82 accept
meta l4proto tcp # xt_tcp counter packets 4 bytes 320 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
}
chain ufw6-user-forward {
}
chain ufw6-user-logging-input {
}
chain ufw6-user-logging-output {
}
chain ufw6-user-logging-forward {
}
chain ufw6-user-limit {
limit rate 3/minute counter packets 0 bytes 0 # xt_LOG
counter packets 0 bytes 0 # xt_REJECT
}
chain ufw6-user-limit-accept {
counter packets 0 bytes 0 accept
}
}
table inet filter {
chain input {
type filter hook input priority filter; policy drop;
ct state invalid drop comment "early drop of invalid connections"
ct state { established, related } accept comment "allow tracked connections"
iifname "lo" accept comment "allow from loopback"
ip protocol icmp accept comment "allow icmp"
meta l4proto ipv6-icmp accept comment "allow icmp v6"
tcp dport 22 accept comment "allow sshd"
meta pkttype host limit rate 5/second counter packets 0 bytes 0 reject with icmpx admin-prohibited
counter packets 19 bytes 608
}
chain forward {
type filter hook forward priority filter; policy drop;
}
}
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:ssdp
ufw-user-input all -- anywhere anywhere
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-track-forward (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT udp -- anywhere anywhere udp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:ircs-u
ACCEPT udp -- anywhere anywhere udp dpt:6697
So which one is in use ? IPTABLES or NFTABLES ?
I have uninstalled firewalld and installed ufw.
By default I have denied all incoming and all outgoing. I confirmed that its working by trying load website in Firefox which didn’t load. Then I allowed outgoing ports 80, 443, 53 after which websites started loding.
Problem is I am not sure if ufw is using IPTABLES or NFTABLES as its backend.
what is the output of the command :
iptables -V
If it’s return (legacy) or (nf_tables)
$ iptables -V
iptables v1.8.7 (nf_tables)
So NFTABLES is in use ?
yes
Thanks. I have noted that command for future use.
commands nft list tables and nft list ruleset should provide a output if it’s well configured.
sudo nft list tables
table ip filter
table ip6 filter
table inet filter
nft list ruleset
table ip filter {
chain INPUT {
type filter hook input priority filter; policy drop;
counter packets 253190 bytes 315308358 jump ufw-before-logging-input
counter packets 253190 bytes 315308358 jump ufw-before-input
counter packets 0 bytes 0 jump ufw-after-input
counter packets 0 bytes 0 jump ufw-after-logging-input
counter packets 0 bytes 0 jump ufw-reject-input
counter packets 0 bytes 0 jump ufw-track-input
}
chain FORWARD {
type filter hook forward priority filter; policy drop;
counter packets 0 bytes 0 jump ufw-before-logging-forward
counter packets 0 bytes 0 jump ufw-before-forward
counter packets 0 bytes 0 jump ufw-after-forward
counter packets 0 bytes 0 jump ufw-after-logging-forward
counter packets 0 bytes 0 jump ufw-reject-forward
counter packets 0 bytes 0 jump ufw-track-forward
}
chain OUTPUT {
type filter hook output priority filter; policy drop;
counter packets 123226 bytes 25952712 jump ufw-before-logging-output
counter packets 123226 bytes 25952712 jump ufw-before-output
counter packets 146 bytes 11922 jump ufw-after-output
counter packets 146 bytes 11922 jump ufw-after-logging-output
counter packets 146 bytes 11922 jump ufw-reject-output
counter packets 146 bytes 11922 jump ufw-track-output
}
chain ufw-before-logging-input {
}
chain ufw-before-logging-output {
}
chain ufw-before-logging-forward {
}
chain ufw-before-input {
iifname "lo" counter packets 6 bytes 1326 accept
# xt_conntrack counter packets 253184 bytes 315307032 accept
# xt_conntrack counter packets 0 bytes 0 jump ufw-logging-deny
# xt_conntrack counter packets 0 bytes 0 drop
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw-not-local
meta l4proto udp ip daddr 224.0.0.251 # xt_udp counter packets 0 bytes 0 accept
meta l4proto udp ip daddr 239.255.255.250 # xt_udp counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw-user-input
}
chain ufw-before-output {
oifname "lo" counter packets 8 bytes 1406 accept
# xt_conntrack counter packets 121879 bytes 25765168 accept
counter packets 1339 bytes 186138 jump ufw-user-output
}
chain ufw-before-forward {
# xt_conntrack counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
meta l4proto icmp # xt_icmp counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw-user-forward
}
chain ufw-after-input {
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw-skip-to-policy-input
# xt_addrtype counter packets 0 bytes 0 jump ufw-skip-to-policy-input
}
chain ufw-after-output {
}
chain ufw-after-forward {
}
chain ufw-after-logging-input {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw-after-logging-output {
limit rate 3/minute burst 10 packets counter packets 86 bytes 7346 # xt_LOG
}
chain ufw-after-logging-forward {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw-reject-input {
}
chain ufw-reject-output {
}
chain ufw-reject-forward {
}
chain ufw-track-input {
}
chain ufw-track-output {
}
chain ufw-track-forward {
}
chain ufw-logging-deny {
# xt_conntrack limit rate 3/minute burst 10 packets counter packets 0 bytes 0 return
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw-logging-allow {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw-skip-to-policy-input {
counter packets 0 bytes 0 drop
}
chain ufw-skip-to-policy-output {
counter packets 0 bytes 0 drop
}
chain ufw-skip-to-policy-forward {
counter packets 0 bytes 0 drop
}
chain ufw-not-local {
# xt_addrtype counter packets 0 bytes 0 return
# xt_addrtype counter packets 0 bytes 0 return
# xt_addrtype counter packets 0 bytes 0 return
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 jump ufw-logging-deny
counter packets 0 bytes 0 drop
}
chain ufw-user-input {
}
chain ufw-user-output {
meta l4proto tcp # xt_tcp counter packets 75 bytes 4500 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 654 bytes 42816 accept
meta l4proto tcp # xt_tcp counter packets 368 bytes 22080 accept
meta l4proto udp # xt_udp counter packets 95 bytes 104760 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 1 bytes 60 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
}
chain ufw-user-forward {
}
chain ufw-user-logging-input {
}
chain ufw-user-logging-output {
}
chain ufw-user-logging-forward {
}
chain ufw-user-limit {
limit rate 3/minute counter packets 0 bytes 0 # xt_LOG
counter packets 0 bytes 0 # xt_REJECT
}
chain ufw-user-limit-accept {
counter packets 0 bytes 0 accept
}
}
table ip6 filter {
chain INPUT {
type filter hook input priority filter; policy drop;
counter packets 128 bytes 11026 jump ufw6-before-logging-input
counter packets 128 bytes 11026 jump ufw6-before-input
counter packets 0 bytes 0 jump ufw6-after-input
counter packets 0 bytes 0 jump ufw6-after-logging-input
counter packets 0 bytes 0 jump ufw6-reject-input
counter packets 0 bytes 0 jump ufw6-track-input
}
chain FORWARD {
type filter hook forward priority filter; policy drop;
counter packets 0 bytes 0 jump ufw6-before-logging-forward
counter packets 0 bytes 0 jump ufw6-before-forward
counter packets 0 bytes 0 jump ufw6-after-forward
counter packets 0 bytes 0 jump ufw6-after-logging-forward
counter packets 0 bytes 0 jump ufw6-reject-forward
counter packets 0 bytes 0 jump ufw6-track-forward
}
chain OUTPUT {
type filter hook output priority filter; policy drop;
counter packets 282 bytes 24390 jump ufw6-before-logging-output
counter packets 282 bytes 24390 jump ufw6-before-output
counter packets 115 bytes 10916 jump ufw6-after-output
counter packets 115 bytes 10916 jump ufw6-after-logging-output
counter packets 115 bytes 10916 jump ufw6-reject-output
counter packets 115 bytes 10916 jump ufw6-track-output
}
chain ufw6-before-logging-input {
}
chain ufw6-before-logging-output {
}
chain ufw6-before-logging-forward {
}
chain ufw6-before-input {
iifname "lo" counter packets 2 bytes 152 accept
# xt_rt counter packets 0 bytes 0 drop
# xt_conntrack counter packets 40 bytes 5122 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
# xt_conntrack counter packets 0 bytes 0 jump ufw6-logging-deny
# xt_conntrack counter packets 0 bytes 0 drop
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 25 bytes 1600 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 31 bytes 2232 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 30 bytes 1920 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto udp ip6 saddr fe80::/10 ip6 daddr fe80::/10 # xt_udp counter packets 0 bytes 0 accept
meta l4proto udp ip6 daddr ff02::fb # xt_udp counter packets 0 bytes 0 accept
meta l4proto udp ip6 daddr ff02::f # xt_udp counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw6-user-input
}
chain ufw6-before-output {
oifname "lo" counter packets 2 bytes 152 accept
# xt_rt counter packets 0 bytes 0 drop
# xt_conntrack counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 3 bytes 144 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 31 bytes 1984 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 31 bytes 2232 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 counter packets 60 bytes 5760 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp ip6 saddr fe80::/10 # xt_icmp6 # xt_hl counter packets 0 bytes 0 accept
counter packets 155 bytes 14118 jump ufw6-user-output
}
chain ufw6-before-forward {
# xt_rt counter packets 0 bytes 0 drop
# xt_conntrack counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp # xt_icmp6 counter packets 0 bytes 0 accept
counter packets 0 bytes 0 jump ufw6-user-forward
}
chain ufw6-after-input {
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
meta l4proto udp # xt_udp counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
}
chain ufw6-after-output {
}
chain ufw6-after-forward {
}
chain ufw6-after-logging-input {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw6-after-logging-output {
limit rate 3/minute burst 10 packets counter packets 111 bytes 10536 # xt_LOG
}
chain ufw6-after-logging-forward {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw6-reject-input {
}
chain ufw6-reject-output {
}
chain ufw6-reject-forward {
}
chain ufw6-track-input {
}
chain ufw6-track-output {
}
chain ufw6-track-forward {
}
chain ufw6-logging-deny {
# xt_conntrack limit rate 3/minute burst 10 packets counter packets 0 bytes 0 return
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw6-logging-allow {
limit rate 3/minute burst 10 packets counter packets 0 bytes 0 # xt_LOG
}
chain ufw6-skip-to-policy-input {
counter packets 0 bytes 0 drop
}
chain ufw6-skip-to-policy-output {
counter packets 0 bytes 0 drop
}
chain ufw6-skip-to-policy-forward {
counter packets 0 bytes 0 drop
}
chain ufw6-user-input {
}
chain ufw6-user-output {
meta l4proto tcp # xt_tcp counter packets 35 bytes 2800 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 1 bytes 82 accept
meta l4proto tcp # xt_tcp counter packets 4 bytes 320 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
meta l4proto tcp # xt_tcp counter packets 0 bytes 0 accept
meta l4proto udp # xt_udp counter packets 0 bytes 0 accept
}
chain ufw6-user-forward {
}
chain ufw6-user-logging-input {
}
chain ufw6-user-logging-output {
}
chain ufw6-user-logging-forward {
}
chain ufw6-user-limit {
limit rate 3/minute counter packets 0 bytes 0 # xt_LOG
counter packets 0 bytes 0 # xt_REJECT
}
chain ufw6-user-limit-accept {
counter packets 0 bytes 0 accept
}
}
table inet filter {
chain input {
type filter hook input priority filter; policy drop;
ct state invalid drop comment "early drop of invalid connections"
ct state { established, related } accept comment "allow tracked connections"
iifname "lo" accept comment "allow from loopback"
ip protocol icmp accept comment "allow icmp"
meta l4proto ipv6-icmp accept comment "allow icmp v6"
tcp dport 22 accept comment "allow sshd"
meta pkttype host limit rate 5/second counter packets 3 bytes 396 reject with icmpx admin-prohibited
counter packets 418 bytes 28305
}
chain forward {
type filter hook forward priority filter; policy drop;
}
}
@dalto mentioned ufw needs the package iptables-nft to control NFTABLES but ufw started working before I installed iptables-nft which was a bit confusing. I later installed iptables-nft anyway just in case there is any complications.
This is my ufw config
$ sudo ufw status verbose
[sudo] password for home:
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
80 ALLOW OUT Anywhere
53 ALLOW OUT Anywhere
443 ALLOW OUT Anywhere
995 ALLOW OUT Anywhere
6697 ALLOW OUT Anywhere
80 (v6) ALLOW OUT Anywhere (v6)
53 (v6) ALLOW OUT Anywhere (v6)
443 (v6) ALLOW OUT Anywhere (v6)
995 (v6) ALLOW OUT Anywhere (v6)
6697 (v6) ALLOW OUT Anywhere (v6)
Hope your are not using both legacy and nft, check : pacman -Qn
Personal tips : I’ve already made some test in the past and always back to iptables legacy (no ufw or gufw, just iptables rules, why?, i just wait for nftables to be implemented by default (had some rules problem for configuring my VPN), and i don’t use IPV6 (disabled on router and OS)
pacman -Qn output
a52dec 0.7.4-11
aalib 1.4rc5-14
accountsservice 22.08.8-1
acl 2.3.1-2
adobe-source-code-pro-fonts 2.038ro+1.058it+1.018var-1
adobe-source-han-sans-cn-fonts 2.004-1
adobe-source-han-sans-jp-fonts 2.004-1
adobe-source-han-sans-kr-fonts 2.004-1
adwaita-icon-theme 41.0-1
alsa-card-profiles 1:0.3.48-1
alsa-firmware 1.2.4-2
alsa-lib 1.2.6.1-1
alsa-plugins 1:1.2.6-3
alsa-topology-conf 1.2.5.1-1
alsa-ucm-conf 1.2.6.3-1
alsa-utils 1.2.6-1
aom 3.3.0-1
apparmor 3.0.4-1
archlinux-keyring 20220224-1
argon2 20190702-4
at-spi2-atk 2.38.0-1
at-spi2-core 2.42.0-1
atk 2.36.0-1
atkmm 2.28.2-2
attica 5.91.0-1
attr 2.5.1-2
audiocd-kio 21.12.3-1
audit 3.0.7-1
autoconf 2.71-1
automake 1.16.5-1
avahi 0.8+22+gfd482a7-3
b43-fwcutter 019-3
baka-mplayer 2.0.4-4
base 2-2
bash 5.1.016-1
bash-completion 2.11-2
bind 9.18.0-1
binutils 2.38-3
bison 3.8.2-3
blueman 2.2.4-1
bluez 5.63-2
bluez-libs 5.63-2
bluez-utils 5.63-2
breeze 5.24.3-1
breeze-gtk 5.24.3-1
breeze-icons 5.91.0-1
brotli 1.0.9-7
btrfs-progs 5.16.2-1
bubblewrap 0.6.1-1
bzip2 1.0.8-4
ca-certificates 20210603-1
ca-certificates-mozilla 3.76-1
ca-certificates-utils 20210603-1
cairo 1.17.4-5
cairomm 1.14.3-2
cantarell-fonts 1:0.303.1-1
cdparanoia 10.2-8
chromaprint 1.5.1-2
coreutils 9.0-2
crda 4.14-4
cryptsetup 2.4.3-2
curl 7.82.0-1
dav1d 0.9.2-1
db 5.3.28-5
dbus 1.14.0-1
dbus-glib 0.112-2
dbus-python 1.2.18-3
dconf 0.40.0-1
desktop-file-utils 0.26-2
device-mapper 2.03.15-1
dhclient 4.4.3-1
dialog 1:1.3_20220117-1
diffutils 3.8-1
ding-libs 0.6.1-4
dkms 3.0.3-1
dmidecode 3.3-1
dmraid 1.0.0.rc16.3-13
dnsmasq 2.86-1
dnssec-anchors 20190629-3
dosfstools 4.2-2
double-conversion 3.2.0-1
downgrade 11.1.0-1
duf 0.8.1-1
e2fsprogs 1.46.5-3
efibootmgr 17-2
efitools 1.9.2-4
efivar 38-2
ell 0.49-1
enchant 2.3.2-1
endeavouros-keyring 1-5
endeavouros-mirrorlist 4.4.2-1
endeavouros-theming 7.0-2
eos-apps-info 1.2.4-1
eos-bash-shared 1.10.35-1
eos-hooks 1.4.20-1
eos-log-tool 1.4.13-1.1
eos-rankmirrors 2.2.5-1
eos-translations 1.1.68-1
eos-update-notifier 1.15.1-1
ethtool 1:5.16-1
exfatprogs 1.1.3-1
expat 2.4.7-1
f2fs-tools 1.14.0-3
faac 1.30-3
faad2 2.10.0-1
fakeroot 1.28-1
farstream 0.2.9-3
featherpad 1.1.1-1
ffmpeg 2:5.0-5
ffmpeg4.4 4.4.1-4
ffmpegthumbnailer 2.2.2-4
fftw 3.3.10-2
file 5.41-1
filesystem 2021.12.07-1
findutils 4.9.0-1
firefox 98.0-1
firejail 0.9.68-1
flac 1.3.4-2
flex 2.6.4-3
fluidsynth 2.2.5-1
fontconfig 2:2.13.96-1
frameworkintegration 5.91.0-1
freeimage 3.18.0-12
freetype2 2.11.1-1
fribidi 1.0.11-1
fsarchiver 0.8.6-1
fuse-common 3.10.5-1
fuse2 2.9.9-4
fuse3 3.10.5-1
fzf 0.29.0-1
gawk 5.1.1-1
gc 8.2.0-2
gcc 11.2.0-4
gcc-libs 11.2.0-4
gcr 3.41.0-1
gdbm 1.23-1
gdk-pixbuf-xlib 2.40.2-1
gdk-pixbuf2 2.42.6-2
geoip 1.6.12-2
geoip-database 20220222-1
gettext 0.21-2
giflib 5.2.1-2
git 2.35.1-1
glances 3.2.4-2
glib-networking 1:2.70.1-1
glib2 2.70.4-2
glibc 2.35-2
glibmm 2.66.2-1
glslang 11.8.0-2
glu 9.0.2-2
gmp 6.2.1-1
gnu-netcat 0.7.1-8
gnupg 2.2.32-2
gnutls 3.7.3-1
gobject-introspection-runtime 1.70.0-5
gparted 1.3.1-1
gpgme 1.17.1-1
gpm 1.20.7.r38.ge82d1a6-4
gptfdisk 1.0.8-1
graphene 1.10.6-1
graphite 1:1.3.14-1
grep 3.7-1
groff 1.22.4-6
grub 2:2.06-4
grub-tools 1.6.6-1
grub2-theme-endeavouros 20211129-1
gsettings-desktop-schemas 41.0-1
gsm 1.0.19-1
gspell 1.8.4-1
gssdp 1.4.0.1-1
gssproxy 0.8.4-1
gst-libav 1.20.0-3
gst-plugin-pipewire 1:0.3.48-1
gst-plugins-bad 1.20.0-3
gst-plugins-bad-libs 1.20.0-3
gst-plugins-base 1.20.0-3
gst-plugins-base-libs 1.20.0-3
gst-plugins-good 1.20.0-3
gst-plugins-ugly 1.20.0-3
gstreamer 1.20.0-3
gtk-update-icon-cache 1:4.6.1-3
gtk2 2.24.33-2
gtk3 1:3.24.33-1
gtkmm3 3.24.5-2
gtksourceview3 3.24.11+28+g73e57b57-1
gtkspell 2.0.16-8
guile 2.2.7-2
gupnp 1:1.4.3-1
gupnp-igd 1.2.0-2
gvfs 1.48.1-3
gvfs-mtp 1.48.1-3
gzip 1.11-1
harfbuzz 4.0.1-1
harfbuzz-icu 4.0.1-1
haveged 1.9.17-1
hdparm 9.63-2
hicolor-icon-theme 0.17-2
hidapi 0.11.2-1
hunspell 1.7.0-3
hwdata 0.357-1
hwdetect 2022.01-5
hwinfo 21.80-1
hwloc 2.7.0-1
hyphen 2.8.8-3
iana-etc 20220205-1
icu 70.1-1
imagemagick 7.1.0.27-1
imath 3.1.4-1
imlib2 1.8.0-1
inetutils 2.2-1
iniparser 4.1-4
intel-ucode 20220207-1
inxi 3.3.13.1-1
iproute2 5.16.0-1
iptables-nft 1:1.8.7-1
iputils 20211215-1
ipw2100-fw 1.3-10
ipw2200-fw 3.1-8
iso-codes 4.9.0-1
iw 5.16-1
iwd 1.25-1
jansson 2.14-1
jasper 2.0.33-1
jemalloc 1:5.2.1-6
jfsutils 1.1.15-7
js78 78.15.0-3
json-c 0.15-3
json-glib 1.6.6-1
jxrlib 0.2.4-1
karchive 5.91.0-1
kauth 5.91.0-1
kbd 2.4.0-2
kbookmarks 5.91.0-1
kcmutils 5.91.0-1
kcodecs 5.91.0-1
kcolorpicker 0.1.6-1
kcompletion 5.91.0-1
kconfig 5.91.0-1
kconfigwidgets 5.91.0-1
kcoreaddons 5.91.0-1
kcrash 5.91.0-1
kdbusaddons 5.91.0-1
kdeclarative 5.91.0-1
kdecoration 5.24.3-1
kded 5.91.0-1
keepassxc 2.6.6-1
keyutils 1.6.3-1
kglobalaccel 5.91.0-1
kguiaddons 5.91.0-1
ki18n 5.91.0-1
kiconthemes 5.91.0-1
kidletime 5.91.0-1
kimageannotator 0.5.3-2
kio 5.91.0-1
kio-fuse 5.0.1-1
kirigami2 5.91.0-1
kitemviews 5.91.0-1
kjobwidgets 5.91.0-1
kmod 29-2
knewstuff 5.91.0-1
knotifications 5.91.0-1
kpackage 5.91.0-1
krb5 1.19.2-2
kservice 5.91.0-1
ksnip 1.9.2-1
ktextwidgets 5.91.0-1
kwallet 5.91.0-1
kwayland 5.91.0-1
kwidgetsaddons 5.91.0-1
kwindowsystem 5.91.0-1
kxmlgui 5.91.0-1
l-smash 2.14.5-2
lame 3.100-3
lcms2 2.13.1-1
ldns 1.8.1-1
less 1:590-1
libaio 0.3.112-2
libappindicator-gtk3 12.10.0.r296-1
libarchive 3.6.0-1
libass 0.15.2-2
libassuan 2.5.5-1
libasyncns 0.8+3+g68cd5af-3
libatasmart 0.19-5
libavc1394 0.5.4-4
libavtp 0.2.0-1
libblockdev 2.26-3
libbluray 1.3.0-2
libbs2b 3.1.0-7
libbytesize 2.6-3
libcaca 0.99.beta20-1
libcanberra 0.30+2+gc0620e4-5
libcap 2.63-2
libcap-ng 0.8.2-7
libcddb 1.3.2-6
libcdio 2.1.0-2
libcdio-paranoia 10.2+2.0.1-2
libcloudproviders 0.3.1-2
libcolord 1.4.6-1
libcups 1:2.4.1-1
libcurl-gnutls 7.82.0-1
libdaemon 0.14-5
libdatrie 0.2.13-1
libdbusmenu-glib 16.04.0-4
libdbusmenu-gtk3 16.04.0-4
libdbusmenu-qt5 0.9.3+16.04.20160218-6
libdc1394 2.2.6-2
libdca 0.0.7-1
libde265 1.0.8-2
libdrm 2.4.110-1
libdv 1.0.0-9
libdvbpsi 1:1.3.3-2
libdvdcss 1.4.3-1
libdvdnav 6.1.1-1
libdvdread 6.1.2-1
libebml 1.4.2-2
libedit 20210910_3.1-1
libelf 0.186-5
libepoxy 1.5.9-1
libevdev 1.12.0-1
libevent 2.1.12-1
libexif 0.6.24-1
libfdk-aac 2.0.2-1
libffi 3.4.2-4
libfm-extra 1.3.2-1
libfm-qt 1.0.0-2
libfontenc 1.1.4-3
libfreeaptx 0.1.1-1
libgadu 1.12.2-13
libgcrypt 1.9.4-1
libglvnd 1.4.0-1
libgme 0.6.3-1
libgpg-error 1.44-1
libgsf 1.14.48-1
libgudev 237-1
libheif 1.12.0-3
libibus 1.5.25-5
libical 3.0.14-1
libice 1.0.10-3
libid3tag 0.15.1b-11
libidn 1.38-1
libidn2 2.3.2-1
libiec61883 1.2.0-6
libimobiledevice 1.3.0-5
libindicator-gtk3 12.10.1-9
libinih 53-2
libinput 1.20.0-1
libinstpatch 1.1.6-1
libisl 0.24-4
libjpeg-turbo 2.1.3-1
libkate 0.4.1-8
libkcddb 21.12.3-1
libkcompactdisc 21.12.3-1
libksba 1.6.0-1
libkscreen 5.24.3-1
libldac 2.0.2.3-1
libldap 2.6.1-1
liblqr 0.4.2-3
liblrdf 0.6.1-4
libltc 1.3.1-3
liblxqt 1.0.0-1
libmad 0.15.1b-9
libmanette 0.2.6-2
libmatroska 1.6.3-2
libmaxminddb 1.6.0-3
libmbim 1.26.2-1
libmfx 22.1.0-1
libmicrodns 0.2.0-1
libmm-glib 1.18.6-1
libmnl 1.0.4-3
libmodplug 0.8.9.0-3
libmpc 1.2.1-2
libmpcdec 1:0.1+r475-3
libmpeg2 0.5.1-7
libmtp 1.1.19-1
libmusicbrainz5 5.1.0-4
libndp 1.8-1
libnetfilter_conntrack 1.0.8-1
libnewt 0.52.21-8
libnfnetlink 1.0.1-4
libnftnl 1.2.1-1
libnghttp2 1.47.0-1
libnice 0.1.18-2
libnl 3.5.0-3
libnm 1.36.2-1
libnma 1.8.34-1
libnotify 0.7.9-2
libnsl 2.0.0-2
libogg 1.3.5-1
libomxil-bellagio 0.9.3-3
libopenmpt 0.6.1-1
libopenraw 0.3.0-1
libp11-kit 0.24.1-1
libpcap 1.10.1-2
libpciaccess 0.16-2
libpgm 5.3.128-1
libpipeline 1.5.5-1
libplacebo 4.192.1-2
libplist 2.2.0-5
libpng 1.6.37-3
libproxy 0.4.17-6
libpsl 0.21.1-1
libpulse 15.0-4
libpurple 2.14.8-1
libqmi 1.30.4-1
libqrtr-glib 1.2.2-1
libqtxdg 3.8.0-2
libraqm 0.9.0-1
libraw 0.20.2-1
libraw1394 2.1.2-3
librsvg 2:2.52.7-1
libsamplerate 0.2.2-1
libsasl 2.1.27-3
libseccomp 2.5.3-3
libsecret 0.20.5-1
libshout 1:2.4.5-1
libsidplay 1.36.59-10
libsigc++ 2.10.8-1
libsm 1.2.3-2
libsndfile 1.0.31-1
libsodium 1.0.18-2
libsoup 2.74.2-2
libsoup3 3.0.4-2
libsoxr 0.1.3-2
libsrtp 1:2.4.2-1
libssh 0.9.6-1
libssh2 1.10.0-1
libstatgrab 0.92.1-1
libstemmer 2.2.0-1
libsysprof-capture 3.42.1-3
libsysstat 0.4.6-1
libtar 1.2.20-6
libtasn1 4.18.0-1
libteam 1.31-5
libthai 0.1.29-1
libtheora 1.1.1-5
libtiff 4.3.0-1
libtirpc 1.3.2-1
libtool 2.4.6+59+gb55b1cc8-2
libunistring 0.9.10-3
libunwind 1.6.2-1
libupnp 1.14.12-3
liburcu 0.13.1-1
libusb 1.0.25-2
libusbmuxd 2.0.2-1
libutempter 1.2.1-1
libuv 1.43.0-1
libva 2.13.0-2
libvdpau 1.4-2
libvisual 0.4.0-8
libvorbis 1.3.7-3
libvpx 1.11.0-2
libwacom 2.1.0-1
libwebp 1.2.2-1
libwnck3 40.1-1
libwpe 1.12.0-1
libx11 1.7.3.1-1
libx86emu 3.5-1
libxau 1.0.9-3
libxaw 1.0.14-1
libxcb 1.14-1
libxcomposite 0.4.5-3
libxcrypt 4.4.28-2
libxcursor 1.2.0-2
libxcvt 0.1.1-1
libxdamage 1.1.5-3
libxdmcp 1.1.3-3
libxext 1.3.4-3
libxfixes 6.0.0-1
libxfont2 2.0.5-1
libxft 2.3.4-1
libxi 1.8-1
libxinerama 1.1.4-3
libxkbcommon 1.4.0-1
libxkbcommon-x11 1.4.0-1
libxkbfile 1.1.0-2
libxml2 2.9.13-1
libxmu 1.1.3-2
libxpm 3.5.13-2
libxrandr 1.5.2-3
libxrender 0.9.10-4
libxres 1.2.1-1
libxshmfence 1.3-2
libxslt 1.1.35-1
libxss 1.2.3-3
libxt 1.2.1-1
libxtst 1.2.3-4
libxv 1.0.11-4
libxvmc 1.0.12-3
libxxf86vm 1.1.4-4
libyaml 0.2.5-1
licenses 20220125-1
lilv 0.24.12-4
linux 5.16.13.arch1-1
linux-api-headers 5.16.8-1
linux-atm 2.5.2-7
linux-firmware 20220209.6342082-1
linux-firmware-whence 20220209.6342082-1
linux-headers 5.16.13.arch1-1
llvm-libs 13.0.1-1
lm_sensors 1:3.6.0.r41.g31d1f125-1
lmdb 0.9.29-1
logrotate 3.19.0-1
lsb-release 2.0.r48.3cf5103-1
lsscsi 0.32-1
lua52 5.2.4-5
lua53 5.3.6-1
luajit 2.1.0.beta3.r391.g8b8304f1-1
luit 20210218-1
lv2 1.18.2-1
lvm2 2.03.15-1
lximage-qt 1.0.0-1
lxmenu-data 0.1.5-3
lxqt-about 1.0.0-1
lxqt-admin 1.0.0-1
lxqt-archiver 0.5.0-1
lxqt-config 1.0.0-1
lxqt-globalkeys 1.0.1-1
lxqt-notificationd 1.0.0-1
lxqt-openssh-askpass 1.0.0-1
lxqt-panel 1.0.0-1
lxqt-policykit 1.0.0-1
lxqt-powermanagement 1.0.0-1
lxqt-qtplugin 1.0.0-2
lxqt-runner 1.0.0-1
lxqt-session 1.0.1-1
lxqt-sudo 1.0.0-1
lxqt-themes 1.0.0-1
lz4 1:1.9.3-2
lzo 2.10-3
m4 1.4.19-1
mailcap 2.1.53-1
make 4.3-3
man-db 2.10.1-1
man-pages 5.13-1
md4c 0.4.8-1
mdadm 4.2-1
media-player-info 24-2
megasync 4.6.5-2
meld 3.20.4-2
menu-cache 1.1.0-2
mesa 21.3.7-2
mesa-utils 8.4.0-7
mjpegtools 2.2.1-1
mkinitcpio 31-2
mkinitcpio-busybox 1.35.0-1
mkinitcpio-nfs-utils 0.3-7
mkinitcpio-openswap 0.1.0-3
mlocate 0.26.git.20170220-7
mobile-broadband-provider-info 20210805-1
modemmanager 1.18.6-1
mpfr 4.1.0.p13-2
mpg123 1.29.3-1
mpv 1:0.34.1-4
mtdev 1.1.6-1
mtools 1:4.0.38-1
mujs 1.2.0-2
muparser 2.3.3-1
nano 6.2-1
nano-syntax-highlighting 2020.10.10-1
nbd 3.24-1
ncurses 6.3-2
ndctl 72.1-1
ndisc6 1.0.4-2
neofetch 7.1.0-2
neon 0.32.2-1
netctl 1.27-1
nettle 3.7.3-1
network-manager-applet 1.24.0-1
networkmanager 1.36.2-1
networkmanager-openvpn 1.8.18-1
nfs-utils 2.6.1-1
nfsidmap 2.6.1-1
nftables 1:1.0.1-3
nilfs-utils 2.2.8-2
nm-connection-editor 1.24.0-1
nmap 7.92-1
noto-fonts 20201226-2
npth 1.6-3
nspr 4.33-1
nss 3.76-1
nss-mdns 0.15.1-1
ntfs-3g 2021.8.22-1
ntp 4.2.8.p15-1
obconf-qt 0.16.2-1
openal 1.21.1-3
openbox 3.6.1-8
openconnect 1:8.20-1
opencore-amr 0.1.5-5
opendesktop-fonts 1.4.2-6
openexr 3.1.4-1
openjpeg2 2.4.0-1
openmpi 4.1.2-1
openresolv 3.12.0-1
openssh 8.9p1-1
openssl 1.1.1.m-1
openvpn 2.5.5-1
opus 1.3.1-3
orc 0.4.32-1
os-prober 1.79-1
oxygen-icons 1:5.91.0-1
p11-kit 0.24.1-1
pacman 6.0.1-4
pacman-contrib 1.4.0-4
pacman-mirrorlist 20220227-1
pacutils 0.11.1-1
pahole 1.23-1
pam 1.5.2-1
pambase 20211210-1
pango 1:1.50.5-1
pangomm 2.46.2-1
parallel 20220222-1
parted 3.4-2
patch 2.7.6-8
pavucontrol 1:5.0-1
pavucontrol-qt 1.0.0-2
pciutils 3.7.0-2
pcmanfm-qt 1.0.0-1
pcre 8.45-1
pcre2 10.39-1
pcsclite 1.9.5-1
pcurses 5-5
perl 5.34.0-3
perl-clone 0.45-3
perl-encode-locale 1.05-8
perl-error 0.17029-3
perl-file-listing 6.14-2
perl-html-parser 3.76-2
perl-html-tagset 3.20-11
perl-http-cookies 6.10-2
perl-http-daemon 6.13-1
perl-http-date 6.05-4
perl-http-message 6.36-1
perl-http-negotiate 6.01-9
perl-io-html 1.004-2
perl-libwww 6.58-1
perl-lwp-mediatypes 6.04-1
perl-mailtools 2.21-5
perl-net-http 6.22-1
perl-timedate 2.33-3
perl-try-tiny 0.31-1
perl-uri 5.10-1
perl-www-robotrules 6.02-9
perl-xml-parser 2.46-3
perl-xml-writer 0.625-7
phonon-qt5 4.11.1-3
phonon-qt5-gstreamer 4.10.0-3
pidgin 2.14.8-1
pinentry 1.2.0-1
pipewire 1:0.3.48-1
pipewire-alsa 1:0.3.48-1
pipewire-jack 1:0.3.48-1
pipewire-media-session 1:0.4.1-1
pipewire-pulse 1:0.3.48-1
pixman 0.40.0-1
pkcs11-helper 1.28.0-1
pkgconf 1.8.0-1
pkgfile 21-2
polkit 0.120-5
polkit-qt5 0.114.0-1
poppler 22.03.0-1
poppler-glib 22.03.0-1
popt 1.18-3
portaudio 1:19.7.0-1
power-profiles-daemon 0.10.1-2
ppp 2.4.9-1
pptpclient 1.10.0-2
print-manager 21.12.3-1
procps-ng 3.3.17-1
protobuf 3.19.4-1
protobuf-c 1.4.0-2
psmisc 23.4-1
pv 1.6.20-1
python 3.10.2-1
python-appdirs 1.4.4-6
python-cairo 1.20.1-3
python-colorama 0.4.4-6
python-defusedxml 0.7.1-4
python-future 0.18.2-7
python-gobject 3.42.0-3
python-more-itertools 8.12.0-1
python-ordered-set 4.0.2-6
python-packaging 20.9-7
python-ply 3.11-10
python-psutil 5.9.0-1
python-pyparsing 3.0.1-1
python-setuptools 1:59.3.0-1
python-shtab 1.5.3-1
python-six 1.16.0-5
python-termcolor 1.1.0-12
qrencode 4.1.1-1
qt5-base 5.15.3+kde+r133-1
qt5-declarative 5.15.3+kde+r20-1
qt5-graphicaleffects 5.15.3+kde+r0-1
qt5-multimedia 5.15.3+kde+r0-1
qt5-quickcontrols 5.15.3+kde+r0-1
qt5-quickcontrols2 5.15.3+kde+r4-1
qt5-script 5.15.8-4
qt5-speech 5.15.3+kde+r1-1
qt5-svg 5.15.3+kde+r12-1
qt5-tools 5.15.3+kde+r1-1
qt5-translations 5.15.3+kde+r2-1
qt5-wayland 5.15.3+kde+r40-1
qt5-x11extras 5.15.3+kde+r0-1
qterminal 1.0.0-1
qtermwidget 1.0.0-2
quazip-qt5 1.2-2
raptor 2.0.15-18
rav1e 0.4.1-1
readline 8.1.002-1
rebuild-detector 4.4.1-2
reflector 2021.11-3
reflector-simple 2021.12.31-1
reiserfsprogs 3.6.27-3
rest 0.8.1+r4+ge5ee6ef-1
rp-pppoe 3.15-2
rpcbind 1.2.6-2
rsync 3.2.3-4
rtmpdump 1:2.4.r99.f1b83c1-2
rubberband 2.0.2-1
run-parts 5.5-1
s-nail 14.9.23-1
sbc 1.5-2
screengrab 2.3.0-1
sddm 0.19.0-8
sdl 1:1.2.15+r406+gf1caf909-1
sdl2 2.0.20-2
sed 4.8-1
serd 0.30.10-1
sg3_utils 1.47-1
shaderc 2022.1-2
shadow 4.11.1-1
shared-mime-info 2.0+115+gd74a913-1
slang 2.3.2-2
smartmontools 7.3-1
smplayer 22.2.0-1
sof-firmware 2.0-1
solid 5.91.0-1
sonnet 5.91.0-1
sord 0.16.8-1
sound-theme-freedesktop 0.8-4
soundtouch 2.3.1-2
spandsp 0.0.6-3
speedtest-cli 2.1.3-2
speex 1.2.0-3
speexdsp 1.2.0-2
spirv-tools 2022.1-1
sqlite 3.38.0-1
sratom 0.6.8-3
srt 1.4.4-1
sshfs 3.7.2-2
startup-notification 0.12-7
stoken 0.92-4
sudo 1.9.10-1
svt-av1 0.9.0-2
svt-hevc 1.5.1-2
syndication 5.91.0-1
sysfsutils 2.1.1-1
systemd 250.3-4
systemd-libs 250.3-4
systemd-sysvcompat 250.3-4
taglib 1.12-1
tar 1.34-1
tcl 8.6.12-3
tdb 1.4.6-1
texinfo 6.8-2
thin-provisioning-tools 0.9.0-1
tldr 3.1.0-1
tpm2-tss 3.2.0-1
tracker3 3.2.1-2
tslib 1.22-1
ttf-bitstream-vera 1.10-14
ttf-dejavu 2.37+18+g9b5d1b2f-3
ttf-liberation 2.1.5-1
ttf-opensans 1.101-2
twolame 0.4.0-2
tzdata 2021e-1
uchardet 0.0.7-1
udisks2 2.9.4-1
ufw 0.36.1-1
unrar 1:6.1.6-1
unzip 6.0-18
upower 0.99.17-1
usb_modeswitch 2.6.1-3
usbmuxd 1.1.1-1
usbutils 014-2
util-linux 2.37.4-1
util-linux-libs 2.37.4-1
v4l-utils 1.22.1-1
vid.stab 1.1-3
virtualbox 6.1.32-2
virtualbox-host-dkms 6.1.32-2
vlc 3.0.16-8
vmaf 2.3.0-1
volume_key 0.3.12-7
vpnc 1:0.5.3.r501.r196-1
vulkan-icd-loader 1.3.207-1
wavpack 5.4.0-1
wayland 1.20.0-1
wayland-protocols 1.25-1
webkit2gtk 2.34.6-1
webrtc-audio-processing 0.3.1-3
welcome 3.17.21-2
wget 1.21.2-1
which 2.21-5
whois 5.5.12-1
wildmidi 0.4.4-1
wireless-regdb 2022.02.18-1
wireless_tools 30.pre9-3
woff2 1.0.2-3
wpa_supplicant 2:2.10-3
wpebackend-fdo 1.12.0-1
x264 3:0.164.r3081.19856cc-2
x265 3.5-3
xbitmaps 1.1.2-2
xcb-proto 1.14.1-5
xcb-util 0.4.0-3
xcb-util-image 0.4.0-3
xcb-util-keysyms 0.4.0-3
xcb-util-renderutil 0.3.9-3
xcb-util-wm 0.4.1-3
xdg-dbus-proxy 0.1.3-1
xdg-user-dirs 0.17-3
xdg-utils 1.1.3+19+g9816ebb-1
xf86-input-libinput 1.2.1-1
xf86-video-intel 1:2.99.917+916+g31486f40-2
xfsprogs 5.14.2-1
xkeyboard-config 2.35.1-1
xl2tpd 1.3.17-1
xorg-appres 1.0.5-2
xorg-fonts-encodings 1.0.5-2
xorg-server 21.1.3-6
xorg-server-common 21.1.3-6
xorg-setxkbmap 1.3.2-2
xorg-xauth 1.1.1-1
xorg-xdpyinfo 1.3.2-4
xorg-xinit 1.4.1-3
xorg-xinput 1.6.3-2
xorg-xkbcomp 1.4.5-1
xorg-xkill 1.0.5-2
xorg-xmodmap 1.0.10-2
xorg-xprop 1.2.5-1
xorg-xrandr 1.5.1-2
xorg-xrdb 1.2.1-1
xorg-xset 1.2.4-2
xorgproto 2021.5-1
xscreensaver 6.03-1
xsettingsd 1.0.2-1
xterm 372-1
xvidcore 1.3.7-2
xxhash 0.8.1-2
xz 5.2.5-2
yad-eos 11.0-1
yay 11.1.2-1
yubico-c 1.13-6
yubico-c-client 2.15-5
yubikey-personalization 1.20.0-3
zbar 0.23.1-9
zeromq 4.3.4-2
zimg 3.0.3-2
zlib 1:1.2.11-5
zstd 1.5.2-2
zvbi 0.2.35-4
zxing-cpp 1.2.0-1
There’s nftables 1:1.0.1-3 and iptables-nft 1:1.8.7-1 in the list but no iptables.
Ubuntu has started using NFTABLES from Ubuntu 20.10. Why hasn’t Arch implemented it ? Arch is bleeding edge, right ?
Ok for your iptables and nftables.
I think it’s not a priority for the developer and most of user (ubuntu, arch…) don’t care of., but that’s not mean Arch is not bleeding edge.
1 Like
That means you are using nftables. iptables-nft is an interface for nftables.
Arch doesn’t specify which implementation you should use either way. On Arch it is your system and entirely up to you which packages you install.
That being said, it seems to be being used on your system so why do you think that Arch hasn’t implemented it?
This is basically how you block outbound traffic in firewalld:
Understood but if you take the example of PipeWire all I had to do was update my system and PipeWire got implemented automatically. So I wonder why not take the same approach toward replacing IPTABLES with NFTABLES.
When I tried to install the package iptables-nft pacman asked me if I want to replace iptables with iptables-nft I chose Y so that proves that by default Arch is using IPTABLES not NFTABLES. Or have I misunderstood this ?
I started ufw many years ago when I started using Linux so I am quite familiar with its CLI interface. Now that I am able to control NFTABLES with ufw I will skip Firewalld.
I think you are misunderstanding. Arch didn’t switch your system to pipewire. Some other package became dependent on pipewire so it was installed. However, unless you manually installed pipewire-pulse, most of your applications won’t actually be using pipewire.
Yes, this is another misunderstanding. Your system supports both iptables and nftables. Having both iptables and nftables installed means that applications which use iptables will use iptables. Installing iptables-nft makes it so that applications which use iptables are now using nftables.
I wanted to enable Bluetooth for connection a Headphone so I visited this tutorial
Its written
If you are using pipewire (default since Atlantis release)
sudo pacman -S --needed bluez bluez-utils
So that’s what I did and I was able to connect my headphone.
My question is then why mention “default since Atlantis release” ?