On 2/26/23 17:29, David C. Rankin wrote: ...
The issue is I block most of RIPE, I don't do business overseas, rarely outside Texas.
I keep iptables stats on the number of intrusion attempts from RIPE,These intrusion attempts are inbound and it is indeed not uncommon to
'block' ingress SYN (aka new and not related / established) connections from those you don't want accessing your services. But arch relies only on the ability to reach a website to pull the WKD info. Inbound blocks would not prevent this - just like it would not prevent you from visiting any EU website. Are you saying you block not only inbound SYN packets, but also outbound and/or every related, established connection? This would mean you are unable to visit any EU website unless you first add that website's specific IP(s) to your outbound whitelist? That would also include of course the WKD web-server as well. If this is not the case then perhaps something else is going on. As I said, just trying to understand what you're doing that may be causing a problem for you to pull a key from a web-server. best gene