Nebulo using ICMP?
Is Nebulo using ICMP (IP Protocol 1) for anything? If so, what types and codes?
I thought it was using HTTPS (HTTP over TLS) via TCP (IP Protocol 6).
AFWall+ doesn't really do INPUT chain blocking if you're using multiple profiles... there's no way to ensure the INPUT and FORWARD chains are properly flushed within AFWall+ upon a change of profile, and trying to set up your own chains hung off INPUT and FORWARD, then flushing them via a .sh script is glitchy. AFWall+ uses a chain named "afwall", hung off OUTPUT, and properly flushes it on a change of profile.
I'd set AFWall+ to DROP (outbound) all ICMP except for type 3 (destination unreachable) and type 10 (router selection) for IPv4, and for IPv6 to DROP (outbound) type 128 and type 129 (echo and echo reply) and allow everything else.
Since AFWall+ doesn't really do INPUT chain blocking with multiple profiles, ICMP type 9 (router advertisement) isn't blocked, since I'm not doing any INPUT chain blocking right now.
In Nebulo's settings, I enabled the "Notification on no connection". It popped up the notification that it wasn't forwarding DNS requests.
This is on an IPv4 network.
So I opened Total Commander and edited the .sh script for the AFWall+ profile to just drop ICMP type 0 and 8 (echo and echo reply) for IPv4. I left IPv6 rules alone.
Nebulo started working again immediately after I applied the changed .sh file rules in AFWall+.