!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

908 Members
Declaratively manage your switching, routing, wireless, tunneling and more.265 Servers

Load older messages

SenderMessageTime
29 Jun 2025
@marie:marie.cologneMarienftables by default when16:47:51
@hexa:lossy.networkhexawe're using nft these days16:47:51
@emilazy:matrix.orgemilywell, sure16:47:56
@emilazy:matrix.orgemilybut the closure size is like zero16:48:00
@hexa:lossy.networkhexait is using the iptables-nft wrapper probabl;y16:48:04
@hexa:lossy.networkhexa* it is using the iptables-nft wrapper probably16:48:05
@emilazy:matrix.orgemilynot worth any patching16:48:11
@hexa:lossy.networkhexafor the most part, yeah16:48:11
@hexa:lossy.networkhexadepending on systemd is not adding anything 😄 16:48:18
@emilazy:matrix.orgemily like, look at that _firewall_backend_detect patch 16:48:26
@emilazy:matrix.orgemilytotally not worth it16:48:29
@hexa:lossy.networkhexanm uses its internal dhcp client by default16:49:34
@hexa:lossy.networkhexaso dhcpcd can be made optional16:49:43
@emilazy:matrix.orgemilyhmm16:50:13
@emilazy:matrix.orgemilyfair enough16:50:15
@emilazy:matrix.orgemilythat one does not need special patching16:50:42
@hexa:lossy.networkhexabut in general more stuff should be looked up from the path 16:50:45
@emilazy:matrix.orgemilyit seems like most of it comes for free just by patching their main function16:50:47
@hexa:lossy.networkhexa* but in general more stuff should be looked up from the path at runtime16:50:52
@emilazy:matrix.orgemilybut the firewall stuff, no16:50:56
@hexa:lossy.networkhexalike … when firewalling is enabled you have the ipt or nft executables in the path already16:51:43
@hexa:lossy.networkhexaso just pick those16:51:45
@emilazy:matrix.orgemilyI agree that late-binding is not the devil fwiw16:52:36
@emilazy:matrix.orgemily but that's an argument to have with upstream re: NFT_PATH 16:53:00
@emilazy:matrix.orgemilyand in the meantime it doesn't matter16:53:10
@emilazy:matrix.orgemily(but I think we agree on this)16:53:12
@hexa:lossy.networkhexa

nmcli or nmtui tools pull in the NetworkManager library and use those functions to search for binaries. If you then, for example, add an openconnect VPN and try to connect, they will search for the openconnect binary in their PATH as well.

16:54:03
@hexa:lossy.networkhexaI added openconnect as a system package because of that remark16:54:16
@emilazy:matrix.orgemilytbh, the OpenConnect thing probably should actually be a separate option at that point16:54:54
@emilazy:matrix.orgemilysince it is doing more system integration than… adding an item to a list16:55:11

Show newer messages

Back to Room ListRoom Version: 6