[CentOS] Desktop Over NFS Home Blocked By Firewalld

Fri Nov 20 19:06:58 UTC 2020
Michael B Allen <ioplex at gmail.com>

On Fri, Nov 20, 2020 at 12:18 PM Frank Cox <theatre at sasktel.net> wrote:
>
> On Fri, 20 Nov 2020 12:07:40 -0500
> Michael B Allen wrote:
>
> > So TCP src 760 to 41285. What's that?
>
> Apparently "that" is what you need to allow in order for your desktop to work.
>
> What it is actually doing, I'm not sure. Google tells me that port 760 has something to do with Kerberos registration.

Apparently I don't know how to do "that" because this:

  # iptables -A INPUT -p tcp --sport 760 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

still doesn't allow the traffic through (not that I would want to
allow an --sport rule anyway but I'd just like to confirm that this
traffic is indeed responsible). What am I doing wrong here? I've also
tried simpler rules without conntrack or ctstate but it's still not
getting through.

Incidentally I added kerberos and kadmin firewalld services without
effect either.

Mike