Gnome-shell establishes an outbound connection to master1.openshift4.gnome.org (8.43.85.3)

Hi,

Can someone please explain why when using remote desktop to connect to a server running GNOME desktop (Rocky Linux 8.6), an internet connection is established to 8.43.85.3:443 (master1.openshift4.gnome.org) or 8.43.85.4:443(master2.openshift4.gnome.org) and how to prevent the call.

[root@test ~]# netstat -atWn | grep 8.43.85
tcp 0 0 192.168.97.67:58388 8.43.85.4:443 ESTABLISHED

[root@test ~]# lsof -i tcp:58388
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gnome-she 3058 michael 29u IPv4 72490 0t0 TCP test.mnsmithuk:58388->master2.openshift4.gnome.org:https (CLOSE_WAIT)

[root@test ~]# ps -ef | grep 3058
michael 3058 2887 1 16:12 ? 00:00:02 /usr/bin/gnome-shell
michael 3078 3058 0 16:12 ? 00:00:00 ibus-daemon --xim --panel disable
root 3676 2755 0 16:16 pts/0 00:00:00 grep --color=auto 3058

After a few seconds or couple the connection state changes from ESTABLISHED to CLOSE_WAIT.
[root@test ~]# netstat -atWn | grep 8.43.85
tcp 0 0 192.168.97.67:58388 8.43.85.4:443 CLOSE_WAIT

There must be a way to prevent an estabished connection in the first place. Why is gnome-shell making this connection and how do I stop it (even if it is supposedly for my good).

It’s probably either nmcheck.gnome.org (captive portal check, should only run if you first fail to connect to Rocky Linux’s captive portal checker), or else extensions.gnome.org (should only run if you have extensions installed, I think?).

If this is the case how do I stop it from running in the first place.

Don’t know, sorry. Someone else probably will…

Thanks for you help so far.

Currently I have had to block outgoing traffic to the ip addresses with host firewall but don’t think that should be the solution.

firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp -d 8.43.85.4/32 -j DROP

Can anyone else chime in on a better solution please?

For extension updates, the only option (besides not installing any extensions) is to have neither the Extensions nor Extension Manager app installed.

I doubt it is NetworkManager’s connectivity check, but if it is, it can be disabled via

[connectivity]
enabled=false

in the configuration.

I’ve set NetworkManager’s connectivity check enabled=false but that did not fix anything.

I had already removed the PackageKit* and nautilus-extensions packages from the system so not sure if its any of the other packages list below.

[root@test ~]# rpm -qa | grep -i gnome
gnome-user-docs-3.28.2-1.el8.noarch
gnome-session-xsession-3.28.1-14.el8.x86_64
gnome-online-accounts-3.28.2-3.el8.x86_64
gnome-keyring-3.28.2-1.el8.x86_64
chrome-gnome-shell-10.1-7.el8.x86_64
gnome-disk-utility-3.28.3-2.el8.x86_64
gnome-font-viewer-3.28.0-1.el8.x86_64
gnome-calculator-3.28.2-2.el8.x86_64
gnome-bluetooth-3.34.3-1.el8.x86_64
gnome-video-effects-0.4.3-3.el8.noarch
gnome-desktop3-3.32.2-1.el8.x86_64
gnome-control-center-3.28.2-36.el8.x86_64
gnome-menus-3.13.3-11.el8.x86_64
gnome-session-3.28.1-14.el8.x86_64
gnome-settings-daemon-3.32.0-16.el8_6.1.x86_64
gnome-getting-started-docs-3.28.2-1.el8.noarch
gnome-shell-3.32.2-48.el8.x86_64
gnome-session-wayland-session-3.28.1-14.el8.x86_64
gnome-boxes-3.36.5-8.el8.rocky.0.1.x86_64
gnome-screenshot-3.26.0-3.el8.x86_64
gnome-remote-desktop-0.1.8-3.el8.x86_64
gnome-system-monitor-3.28.2-1.el8.x86_64
gnome-bluetooth-libs-3.34.3-1.el8.x86_64
gnome-themes-standard-3.22.3-4.el8.x86_64
libgnomekbd-3.26.0-4.el8.x86_64
gnome-control-center-filesystem-3.28.2-36.el8.noarch
gnome-keyring-pam-3.28.2-1.el8.x86_64
gnome-color-manager-3.28.0-3.el8.x86_64
gnome-characters-3.28.2-1.el8.1.x86_64
gnome-logs-3.28.5-3.el8.x86_64
gnome-terminal-3.28.3-3.el8.x86_64

Those have nothing to do with gnome-shell.

The package name of the Extensions app in Fedora is gnome-extensions-app. Extension Manager is unpackaged so far, but either app could be installed via flatpak.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.