Archdevs,
Depending on how restrictive the iptables rules, if the IP for
archlinux-keyring-wkd-sync falls into a blocked range, the logs quickly fill.
An idea is to have the service insert a temporary rule to either (1) allow the
IP for the sync check, or (2) allow established, related connections while the
service runs.
It may also be worth updating the wiki to provide model rules for
iptables/nftables to allow archlinux-keyring-wkd-sync to run successfully.
Just food for thought.
--
David C. Rankin, J.D.,P.E.
