LXD and dhcp server in a machine simultaneously

tkasidakis@tkasidakis-Inspiron-5558:~$ sudo iptables-save
# Generated by iptables-save v1.6.1 on Tue Sep  1 14:02:06 2020
*raw
:PREROUTING ACCEPT [25444:8694800]
:OUTPUT ACCEPT [15925:2356303]
-A PREROUTING -i veth97bcaa5e -m rpfilter --invert -m comment --comment "generated for LXD container VAMOS (eth0) rpfilter" -j DROP
COMMIT
# Completed on Tue Sep  1 14:02:06 2020
# Generated by iptables-save v1.6.1 on Tue Sep  1 14:02:06 2020
*mangle
:PREROUTING ACCEPT [103351:21316653]
:INPUT ACCEPT [86296:8222859]
:FORWARD ACCEPT [16806:13068266]
:OUTPUT ACCEPT [81953:8001833]
:POSTROUTING ACCEPT [98062:21019385]
-A POSTROUTING -o lxdbr0 -p udp -m udp --dport 68 -m comment --comment "generated for LXD network lxdbr0" -j CHECKSUM --checksum-fill
-A POSTROUTING -o lxcbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Tue Sep  1 14:02:06 2020
# Generated by iptables-save v1.6.1 on Tue Sep  1 14:02:06 2020
*nat
:PREROUTING ACCEPT [17983:1332013]
:INPUT ACCEPT [16794:1227663]
:OUTPUT ACCEPT [19853:1476023]
:POSTROUTING ACCEPT [19814:1472930]
-A POSTROUTING -s 10.42.0.0/24 ! -d 10.42.0.0/24 -j MASQUERADE
-A POSTROUTING -s 10.48.91.0/24 ! -d 10.48.91.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT
# Completed on Tue Sep  1 14:02:06 2020
# Generated by iptables-save v1.6.1 on Tue Sep  1 14:02:06 2020
*filter
:INPUT ACCEPT [67226:6831777]
:FORWARD ACCEPT [15650:12972733]
:OUTPUT ACCEPT [79478:7820106]
-A INPUT -i wlp6s0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i wlp6s0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i wlp6s0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i wlp6s0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -d 10.42.0.0/24 -o wlp6s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.42.0.0/24 -i wlp6s0 -j ACCEPT
-A FORWARD -i wlp6s0 -o wlp6s0 -j ACCEPT
-A FORWARD -o wlp6s0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlp6s0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A FORWARD -i lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A FORWARD -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -j ACCEPT
-A OUTPUT -o lxdbr0 -p tcp -m tcp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
COMMIT
# Completed on Tue Sep  1 14:02:06 2020

These two lines are the issue: they are rejecting any packets that are being routed to/from your wifi interface. The rules above them only allow RELATED & ESTABLISHED connections, not new connections.

-A FORWARD -o wlp6s0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlp6s0 -j REJECT --reject-with icmp-port-unreachable

P.S. Please use the three-backtick approach to quoting console or command output, as it makes it a lot easier to read.

@tomp

OK, Thomas.

So what do I do to enable new connections and solve this issue once and for all?

I would remove those rules first to confirm it is the issue :slight_smile:

However this will expose your laptop to all routed traffic on that wifi network, so depending on your security needs you may want to add modified rules back to only allow the traffic you want as per your specific requirements.

@tomp

Forget Security :slight_smile:

OK, how am I supposed to remove them?

In fact, how am I able to disable the LXD firewall or the general firewall?

It depends on which firewall you are using.

As a quick test, running the command iptables -t filter -F will remove all rules in the filter table, and as your filter table’s default policy is ACCEPT for INPUT, FORWARD and OUTPUT, this will effectively disable the firewall.
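As an added illustration that is not part of the thread, a small Python model of first-match evaluation over the FORWARD chain posted above: it shows why the two REJECT lines win over the lxdbr0 ACCEPTs that follow them, what `iptables -t filter -F` leaves behind, and one narrower alternative that only admits the container's veth (veth97bcaa5e, taken from the raw table) across the wifi interface instead of flushing everything. The packet addresses and the inserted narrowing rule are constructed assumptions, not anything from the poster's setup.

```python
import ipaddress
import shlex

# FORWARD chain copied from the iptables-save output above (counters dropped; the lxdbr0/lxcbr0
# ACCEPTs that sit below the REJECTs are omitted, they never match the packets modelled here).
ORIGINAL = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 10.42.0.0/24 -o wlp6s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.42.0.0/24 -i wlp6s0 -j ACCEPT
-A FORWARD -i wlp6s0 -o wlp6s0 -j ACCEPT
-A FORWARD -o wlp6s0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlp6s0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
# What `iptables -t filter -F` leaves: no rules, only the chain's ACCEPT policy.
FLUSHED = "*filter\n:FORWARD ACCEPT [0:0]\nCOMMIT\n"
# Narrower alternative (constructed): one ACCEPT for the container's veth, inserted ahead of the
# blanket REJECTs (iptables -I); the reply path is already covered by the -s 10.42.0.0/24 rule.
NARROWED = ORIGINAL.replace("-A FORWARD -o wlp6s0 -j REJECT",
    "-A FORWARD -i veth97bcaa5e -o wlp6s0 -j ACCEPT\n-A FORWARD -o wlp6s0 -j REJECT", 1)

def parse_chain(dump, chain="FORWARD"):
    # Keep only the matches this model understands: -i -o -s -d --state and the target -j.
    policy, rules = "ACCEPT", []
    for line in dump.splitlines():
        toks = shlex.split(line)  # handles the quoted --comment strings in real dumps
        if toks and toks[0] == f":{chain}":
            policy = toks[1]
        elif toks[:2] == ["-A", chain]:
            rules.append({t: toks[i + 1] for i, t in enumerate(toks)
                          if t in ("-i", "-o", "-s", "-d", "--state", "-j")})
    return policy, rules

def matches(rule, pkt):
    # Every match present in the rule must hold; absent matches are wildcards.
    if rule.get("-i", pkt["in"]) != pkt["in"] or rule.get("-o", pkt["out"]) != pkt["out"]:
        return False
    for key, addr in (("-s", pkt["src"]), ("-d", pkt["dst"])):
        if key in rule and ipaddress.ip_address(addr) not in ipaddress.ip_network(rule[key]):
            return False
    return pkt["state"] in rule.get("--state", pkt["state"]).split(",")

def verdict(dump, pkt):
    # First-match semantics: walk FORWARD top to bottom, fall back to the chain policy.
    policy, rules = parse_chain(dump)
    return next((r["-j"] for r in rules if matches(r, pkt)), policy)

# Constructed packets (TEST-NET addresses): the container's first ping out via wifi, and an
# unsolicited new connection arriving on wifi from outside the 10.42.0.0/24 hotspot subnet.
CONTAINER_TO_WIFI = {"in": "veth97bcaa5e", "out": "wlp6s0", "src": "192.0.2.10", "dst": "10.42.0.76", "state": "NEW"}
UNSOLICITED_INBOUND = {"in": "wlp6s0", "out": "veth97bcaa5e", "src": "198.51.100.9", "dst": "192.0.2.10", "state": "NEW"}
```

With ORIGINAL the container's ping is rejected, with NARROWED it is accepted while the unsolicited inbound connection still hits the REJECT, and with FLUSHED both are accepted by the bare policy.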

@tomp OK, I am trying it and I will tell you the result.

@tomp

root@VAMOS:~# ping 10.42.0.76
PING 10.42.0.76 (10.42.0.76) 56(84) bytes of data.
64 bytes from 10.42.0.76: icmp_seq=1 ttl=63 time=2.00 ms
64 bytes from 10.42.0.76: icmp_seq=2 ttl=63 time=93.7 ms
64 bytes from 10.42.0.76: icmp_seq=3 ttl=63 time=1.47 ms
64 bytes from 10.42.0.76: icmp_seq=4 ttl=63 time=1.66 ms
64 bytes from 10.42.0.76: icmp_seq=5 ttl=63 time=1.64 ms
64 bytes from 10.42.0.76: icmp_seq=6 ttl=63 time=1.48 ms
64 bytes from 10.42.0.76: icmp_seq=7 ttl=63 time=1.18 ms
64 bytes from 10.42.0.76: icmp_seq=8 ttl=63 time=1.23 ms
64 bytes from 10.42.0.76: icmp_seq=9 ttl=63 time=1.42 ms
64 bytes from 10.42.0.76: icmp_seq=10 ttl=63 time=66.6 ms
64 bytes from 10.42.0.76: icmp_seq=11 ttl=63 time=89.2 ms
64 bytes from 10.42.0.76: icmp_seq=12 ttl=63 time=9.22 ms
64 bytes from 10.42.0.76: icmp_seq=13 ttl=63 time=134 ms

WORKEDDDDDDDDDDDDDDDDDDDDDDDDDDD.

Thanks a lot, Thomas. I have no words to thank you.

One last question. Why wasn’t this necessary (disabling the firewall) when we had IPs from an external access point (192.168.2.1 for example)?

Possibly because you were using LXD’s built-in private bridge, lxdbr0, which then performs NAT for outbound connections to your LXD host’s address and so it is not behaving as a router (and not using the FORWARD chain in the firewall).

I see. Thanks a lot :slight_smile: