Why does the following simple & strict iptables rule prevent apt update from working?

Solution 1:

IPTables rules apply to all IP packets. In TCP connections, the server both sends packets via the OUTPUT chain and receives packets via the INPUT chain.

In your rules, you are dropping all the packets from the receiving direction with the DROP rule.

You need to use connection tracking in order to allow receiving packets for TCP connections that the server itself has started.

This is a basic ruleset to allow it:

iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -m conntrack --ctstate NEW -j ACCEPT
iptables -P INPUT DROP

The first rule allows incoming packets for established connections.

The second rule allows new incoming connections on ports 22, 80 and 443.

The last rule sets the default policy of the INPUT chain to DROP.

It is also good practice to allow incoming ICMP packets:

iptables -A INPUT -p icmp -j ACCEPT
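To make the point about connection tracking concrete, here is an added simulation (not part of the answer above, and not netfilter code) that replays an outbound apt connection through two toy INPUT filters: one that drops every inbound packet, as the questioner's rules do, and one that models the conntrack-based ruleset from the answer. The packet shapes, addresses, ports and the simplified conntrack logic are all constructed for this example.

```python
"""Toy model of stateless vs. connection-tracked INPUT filtering.

Constructed illustration for the iptables answer above. This is a simplified
simulation, not netfilter: real conntrack tracks TCP state in more detail.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (traverses INPUT) or "out" (traverses OUTPUT)
    proto: str       # "tcp" or "icmp"
    src: str
    sport: int       # 0 for icmp
    dst: str
    dport: int       # 0 for icmp
    flags: str = ""  # TCP flags, e.g. "SYN", "SYN,ACK", "ACK"


# Ports the answer's second rule opens for NEW inbound TCP connections.
LOCAL_PORTS_OPEN = {22, 80, 443}


def flow_key(pkt):
    """Direction-independent flow identifier so both halves of a TCP
    conversation map onto the same conntrack entry."""
    ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    return (pkt.proto, ends[0], ends[1])


def filter_stateless(packets):
    """Models the questioner's ruleset: OUTPUT unfiltered, every inbound
    packet dropped regardless of whether the host started the connection."""
    return ["ACCEPT" if p.direction == "out" else "DROP" for p in packets]


def filter_conntrack(packets):
    """Models the answer's ruleset:
       1. INPUT  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
       2. INPUT  -p tcp --dports 22,80,443 --ctstate NEW     -j ACCEPT
       3. INPUT  -p icmp                                      -j ACCEPT
       4. INPUT policy DROP
    OUTPUT is unfiltered; every outbound packet creates a conntrack entry."""
    conntrack = set()
    verdicts = []
    for p in packets:
        key = flow_key(p)
        if p.direction == "out":
            conntrack.add(key)          # host-initiated flow is now tracked
            verdicts.append("ACCEPT")
        elif key in conntrack:
            verdicts.append("ACCEPT")   # rule 1: reply to a tracked flow
        elif p.proto == "tcp" and p.flags == "SYN" and p.dport in LOCAL_PORTS_OPEN:
            conntrack.add(key)          # rule 2: new connection to an open port
            verdicts.append("ACCEPT")
        elif p.proto == "icmp":
            verdicts.append("ACCEPT")   # rule 3
        else:
            verdicts.append("DROP")     # rule 4: default policy
    return verdicts


def apt_update_succeeds(filter_fn, flow):
    """apt only works if none of the mirror's replies are dropped."""
    return "DROP" not in filter_fn(flow)


# Constructed sample traffic: the host runs apt against an HTTP mirror.
SERVER = "192.0.2.10"     # constructed: host running apt update
MIRROR = "198.51.100.7"   # constructed: apt mirror
APT_UPDATE_FLOW = [
    Packet("out", "tcp", SERVER, 51234, MIRROR, 80, "SYN"),
    Packet("in",  "tcp", MIRROR, 80, SERVER, 51234, "SYN,ACK"),
    Packet("out", "tcp", SERVER, 51234, MIRROR, 80, "ACK"),
    Packet("in",  "tcp", MIRROR, 80, SERVER, 51234, "ACK"),  # Release file data
]
# Constructed: an unsolicited inbound SYN to a port the ruleset does not open.
UNSOLICITED_SYN = Packet("in", "tcp", "203.0.113.5", 40000, SERVER, 3306, "SYN")
# Constructed: an inbound SSH connection attempt and an inbound ping.
INBOUND_SSH = Packet("in", "tcp", "203.0.113.9", 40001, SERVER, 22, "SYN")
INBOUND_PING = Packet("in", "icmp", "203.0.113.9", 0, SERVER, 0)


if __name__ == "__main__":
    print("stateless:", filter_stateless(APT_UPDATE_FLOW))
    print("conntrack:", filter_conntrack(APT_UPDATE_FLOW))
    print("apt works with stateless rules:", apt_update_succeeds(filter_stateless, APT_UPDATE_FLOW))
    print("apt works with conntrack rules:", apt_update_succeeds(filter_conntrack, APT_UPDATE_FLOW))
```

Running it shows the mirror's SYN/ACK being dropped under the stateless filter, so the handshake never completes, while the conntrack filter accepts the same replies because the outbound SYN created a tracked flow, yet still drops an unsolicited SYN to a port that is not in the open set.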