| 17 Dec 2025 |
| mall0c joined the room. | 20:37:22 |
Marcus | What's the right way to configure the nixos firewall with ipv6 so it allows internet connections from the trusted interfaces, but doesn't forward connections from the wan? Seems I can ssh straight into my lan interface from the internet if filterForward is off, but can't ssh out of my lan if it's on. | 21:43:40 |
Marcus | hrm, I guess this is because filterForward uses externalInterface, but my ipv6 is routed through a HE tunnel rather than the wan interface. | 22:05:01 |
Marcus | yeah, filterForward even uses config from nat, so I guess it doesn't like non-natted ipv6 well. Fixed it with an extra ruleset for the HE tunnel. | 22:15:33 |
| 18 Dec 2025 |
n4ch723hr3r (putting stuff in your name is cringe) | i have a dns server which for a machine name returns the VPN IP. however systemd only allows interface specific DNS lookups for a TLD. so my plan was to redirect $HOST.local for example to that DNS server. however the DNS server would return NXDOMAIN since it wants $HOST ONLY.
so the question: how could i edit that DNS query. through a local dns proxy?
graphically:
client ---- $HOST.local ---> proxy ---- $HOST -----> DNS server
| 07:53:25 |
| @acidbong:envs.net joined the room. | 07:58:50 |
K900 | Uhh what | 08:03:52 |
K900 | What do you even mean by "only allows lookups for a TLD" | 08:04:04 |
| Dieselgert Baghetto joined the room. | 08:39:11 |
n4ch723hr3r (putting stuff in your name is cringe) | you define multiple DNS servers in resolved with the option to for example only use 1.1.1.1 for .local domains | 09:39:32 |