On 2/26/23 17:29, David C. Rankin wrote:
...
The issue is I block most of RIPE, I don't do business overseas, rarely
outside Texas.
I keep iptables stats on the number of intrusion attempts from RIPE,

These intrusion attempts are inbound and it is indeed not uncommon to
'block' ingress SYN (aka new and not related / established) connections
from those you don't want accessing your services.

But arch relies only on the ability to reach a website to pull the WKD
info. Inbound blocks would not prevent this - just like it would not
prevent you from visiting any EU website.

Are you saying you block not only inbound SYN packets, but also outbound
and/or every related, established connection?

This would mean you are unable to visit any EU website unless you first
add that website's specific IP(s) to your outbound whitelist? That would
also include of course the WKD web-server as well. If this is not the
case then perhaps something else is going on.

As I said, just trying to understand what you're doing that may be
causing a problem for you to pull a key from a web-server.

best
gene
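
The distinction drawn in the message above, modelled as an added example (not part of the original e-mail, and a simplified model rather than real netfilter code): a stateful filter that drops only NEW inbound connections from a blocked range still lets the host fetch from a server inside that range, while also blocking outbound breaks the fetch. The addresses are constructed documentation-range stand-ins, and `StatefulFilter`, `block_outbound`, `wkd_fetch` and `inbound_probe` are hypothetical names.

```python
import ipaddress

BLOCKED = ipaddress.ip_network("198.51.100.0/24")  # constructed stand-in for a blocked regional range
LOCAL = "192.0.2.10"                               # constructed local host address


class StatefulFilter:
    """Minimal model of a conntrack-style firewall (assumption: not real netfilter)."""

    def __init__(self, block_outbound=False):
        self.block_outbound = block_outbound
        self.flows = set()  # flows opened by accepted NEW packets

    def _blocked(self, addr):
        return ipaddress.ip_address(addr) in BLOCKED

    def handle(self, direction, src, sport, dst, dport, syn_only):
        """Return 'ACCEPT' or 'DROP' for one TCP packet."""
        # ESTABLISHED: the packet belongs to a tracked flow, in either direction.
        if (src, sport, dst, dport) in self.flows or (dst, dport, src, sport) in self.flows:
            return "ACCEPT"
        if not syn_only:
            return "DROP"  # untracked non-SYN packet, treated as INVALID
        # NEW connection attempt: apply the per-direction policy.
        remote = src if direction == "in" else dst
        if self._blocked(remote) and (direction == "in" or self.block_outbound):
            return "DROP"
        self.flows.add((src, sport, dst, dport))
        return "ACCEPT"


def wkd_fetch(fw):
    """Simulate the host opening HTTPS to a web server inside the blocked range."""
    server = "198.51.100.20"  # constructed address for the WKD web server
    if fw.handle("out", LOCAL, 40000, server, 443, syn_only=True) == "DROP":
        return False
    # The server's SYN-ACK arrives inbound from the blocked range.
    return fw.handle("in", server, 443, LOCAL, 40000, syn_only=False) == "ACCEPT"


def inbound_probe(fw):
    """Simulate an unsolicited inbound SYN from the blocked range to SSH."""
    return fw.handle("in", "198.51.100.99", 51515, LOCAL, 22, syn_only=True)
```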