| 10 Oct 2025 |
 m0lok | but for some reason even if I have internet, I get this route ip+net: no such network interface | 16:51:57 |
| m0lok | I'm using a bridge for networking | 16:52:15 |
| m0lok | I had to enable tun :D | 16:55:35 |
| m0lok | mmm for some reason the tailscale on the podman container failed | 23:04:42 |
| 11 Oct 2025 |
|  midischwarz12 joined the room. | 20:34:07 |
 K900 | Woo new regdb update | 21:13:41 |
| K900 | And still no https://lore.kernel.org/wireless-regdb/20250708-russia-320-v1-1-53641e8dd417@0upti.me/T/#u | 21:13:43 |
| K900 | Should just email wens directly probably | 21:14:14 |
| 12 Oct 2025 |
| midischwarz12 removed their profile picture. | 02:45:02 |
| midischwarz12 set a profile picture. | 02:45:11 |
|  Anton (he/him) changed their display name from Anton to Anton (he/him). | 13:17:55 |
|  @midirhee12:tchncs.de removed their profile picture. | 21:27:42 |
| @midirhee12:tchncs.de removed their display name midirhee12. | 21:28:17 |
| @midirhee12:tchncs.de left the room. | 21:28:28 |
| 13 Oct 2025 |
|  KDK12 joined the room. | 11:41:46 |
| KDK12 | Hi everyone!
I'm using fail2ban to secure my server — it works fine, but I'd like to block known bad IP addresses before they can access anything.
Currently, I have a small systemd service and timer that download a FireHOL blacklist daily and insert all the IPs into an nftables set.
Is there a more idiomatic or less DIY way to achieve this on NixOS? | 13:21:57 |
| K900 | Honestly the correct answer is "just don't" | 13:26:32 |
| K900 | Address based blocklists are terrible and an adversary that can break ed25519 can do much more damage than pwning your seedbox | 13:27:05 |
| K900 | fail2ban may have made sense when people were actually using password auth | 13:27:48 |
| K900 | But as long as you're using public key auth, it's basically a non-issue, except for maybe DoS potential, but an attacker trying to DoS you can DoS anything else you're running just as well | 13:28:22 |
| KDK12 | Fair point, thanks for the insight! | 13:53:05 |
|  Ewan joined the room. | 15:28:40 |
| 14 Oct 2025 |
|  chris joined the room. | 08:56:02 |
| 15 Oct 2025 |
|  DenKn changed their display name from 𝔇𝔢𝔫𝔎𝔫 to DenKn. | 08:15:36 |
 kraem | hey! on the lookout for a poe switch, fanless or very quiet, ideally openwrt compatible but not a must. i'm eyeing zyxel gs1900-8hp, any other i should checkout? | 20:32:55 |
 adamcstephens | HP 1920-8G JG920A would be a similar option that has no fan and can run openwrt | 20:51:03 |
| adamcstephens | oh sorry, you said POE. most (or all?) of the HP 1920 line is supported on openwrt. https://svanheule.net/switches/hpe_1920_series | 20:51:57 |
| 16 Oct 2025 |
|  Nick changed their display name from norta to Nick. | 02:22:59 |
| kraem | thanks, i'll check them out! | 05:25:16 |
|  Sean Ross joined the room. | 23:03:26 |
