Tux Training

Assuming your iptables is set to drop all Output and only allow through what you tell it to, you will need to do a few things to ensure that pacman can still sync, update, and install packages for you.

First thing first, you need to make sure that iptables is allowing the basics (FTP, HTTP, DNS, etc)

    iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

But even with these ports open you’ll notice you cannot do a pacman -Sy.

Simply;

modprobe ip_conntrack_ftp

and pacman should now work as usual.  To have the module loaded at boot, make sure to edit your /etc/rc.conf file and add this to the MODULES = section, and you’re all done.

Related Posts

• Remove unused dependencies in Arch Linux
• Create a List of all installed packages on Arch Linux
• How to have Gnu Screen display number of updates for Arch linux
• 6 quick steps to install apps from AUR in Arch Linux
• Improve database access speeds in pacman on Arch
• How to manage packages using Pacman in Arch Linux
• Installing Tor Server and Client on Arch Linux
• Video for installing Arch
• The Arch Linux Handbook
• Optimize pacman and free space on Arch