Берёте дефолтный раымный конфиг для декстопа:# nft --handle --numeric list table inet filter
table inet filter { # handle 7
chain input { # handle 1
type filter hook input priority 0; policy drop;
ct state 0x1 counter packets 1940 bytes 86636 drop comment "early drop of invalid packets" # handle 5
ct state { 0x2, 0x4 } counter packets 2236693022 bytes 230372893649 accept comment "accept all connections related to connections made by us" # handle 6
iif "lo" accept comment "accept loopback" # handle 7
iif != "lo" ip daddr 127.0.0.0/8 counter packets 0 bytes 0 drop comment "drop connections to loopback not coming from loopback" # handle 8
iif != "lo" ip6 daddr ::1 counter packets 0 bytes 0 drop comment "drop connections to loopback not coming from loopback" # handle 9
tcp flags & (0x1 | 0x2 | 0x4 | 0x8 | 0x10 | 0x20) == 0x0 counter packets 0 bytes 0 drop # handle 10
tcp flags & (0x1 | 0x2) == 0x1 | 0x2 counter packets 0 bytes 0 drop # handle 11
tcp flags & (0x2 | 0x4) == 0x2 | 0x4 counter packets 0 bytes 0 drop # handle 12
tcp flags & (0x1 | 0x2) == 0x1 | 0x2 counter packets 0 bytes 0 drop # handle 13
tcp flags & (0x1 | 0x4) == 0x1 | 0x4 counter packets 0 bytes 0 drop # handle 14
tcp flags & (0x1 | 0x10) == 0x1 counter packets 0 bytes 0 drop # handle 15
tcp flags & (0x10 | 0x20) == 0x20 counter packets 0 bytes 0 drop # handle 16
tcp flags & (0x1 | 0x10) == 0x1 counter packets 0 bytes 0 drop # handle 17
tcp flags & (0x8 | 0x10) == 0x8 counter packets 0 bytes 0 drop # handle 18
tcp flags & (0x1 | 0x2 | 0x4 | 0x8 | 0x10 | 0x20) == 0x1 | 0x2 | 0x4 | 0x8 | 0x10 | 0x20 counter packets 0 bytes 0 drop # handle 19
tcp flags & (0x1 | 0x2 | 0x4 | 0x8 | 0x10 | 0x20) == 0x0 counter packets 0 bytes 0 drop # handle 20
tcp flags & (0x1 | 0x2 | 0x4 | 0x8 | 0x10 | 0x20) == 0x1 | 0x8 | 0x20 counter packets 0 bytes 0 drop # handle 21
tcp flags & (0x1 | 0x2 | 0x4 | 0x8 | 0x10 | 0x20) == 0x1 | 0x2 | 0x8 | 0x20 counter packets 0 bytes 0 drop # handle 22
tcp flags & (0x1 | 0x2 | 0x4 | 0x8 | 0x10 | 0x20) == 0x1 | 0x2 | 0x4 | 0x10 | 0x20 counter packets 0 bytes 0 drop # handle 23
ct state 0x2,0x4 counter packets 0 bytes 0 accept # handle 24
}
chain forward { # handle 2
type filter hook forward priority 0; policy drop;
}
chain output { # handle 3
type filter hook output priority 0; policy accept;
}
}
Потом с помощью lsof -p <pid> у вашего приложения смотрите, куда оно ломится. И всё что не нравится в chain output добавляете. всё. И ничего дебажить не нужно.