!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

882 Members
Declaratively manage your switching, routing, wireless, tunneling and more. | Don't rely on `networking.*` for interface and routing setup, use systemd-networkd, ifstate or NetworkManager instead. | Set `SYSTEMD_LOG_LEVEL=debug` to debug networking issues with networkd | No bad nft puns, please. | Room recommendations: #sysops:nixos.org254 Servers

Load older messages

SenderMessageTime
3 Feb 2026
@molly:matrix.flyingcircus.ioMolly Miller changed their profile picture.14:48:45
@jack:jackhenry.ioJack left the room.15:43:46
4 Feb 2026
@tiferrei:tiferrei.comtiferrei changed their profile picture.03:07:45
@tiferrei:tiferrei.comtiferrei left the room.11:53:06
@tiferrei:tiferrei.comtiferrei joined the room.13:15:49
@tiferrei:tiferrei.comtiferrei left the room.13:31:08
@tiferrei:tiferrei.comtiferrei joined the room.13:38:11
@tiferrei:tiferrei.comtiferrei left the room.14:28:43
5 Feb 2026
@tezlm:celery.eu.orgtezlm set a profile picture.23:03:04
6 Feb 2026
@midischwarz12:libg.somidischwarz12 left the room.03:01:57
7 Feb 2026
@matthewcroughan:defenestrate.itmatthewcroughan @fosdem K900: Do you have a nice nftables ruleset for ipv6 at home? 19:00:09
@matthewcroughan:defenestrate.itmatthewcroughan @fosdemI haven't really done the due diligence when it comes to blocking unsolicited v6 inbound19:00:26
@k900:0upti.meK900No19:01:24
@k900:0upti.meK900I have honestly not bothered19:01:35
@matthewcroughan:defenestrate.itmatthewcroughan @fosdemSo you're doing the same as me and just not caring?19:01:42
@k900:0upti.meK900Basically19:01:48
@matthewcroughan:defenestrate.itmatthewcroughan @fosdemI found this post, it's pretty true https://ipv6.net/blog/ipv6-home-network-firewall-risks/19:01:50
@albertlarsan68:albertlarsan.frAlbert LarsanTbh I have my devices secured the same as for IPv4, ie services do not listen on 0.0.0.0 or :: if I want to keep them LAN-local or limited to localhost (also have firewalls, but they have holes for all the same ports)19:11:07
@albertlarsan68:albertlarsan.frAlbert LarsanMy (ISP-provided) home router has a (quite strict) IPv6 firewall enabled by default, which I disabled because it was annoying19:12:24
@matthewcroughan:defenestrate.itmatthewcroughan @fosdemso every device on your LAN is still reachable?19:13:56
@albertlarsan68:albertlarsan.frAlbert LarsanYeah, but good luck finding them in the 2⁶⁴ sea of IPs they could have19:14:55
@albertlarsan68:albertlarsan.frAlbert LarsanAnd I have a personal router behind the ISP router that does ping rate-limiting19:15:44
@albertlarsan68:albertlarsan.frAlbert LarsanBefore the (W)LAN is reached19:15:59
@k900:0upti.meK900Hmm you know what actually19:16:33
@k900:0upti.meK900 networking.firewall.filterForward is a thing 19:16:39
@k900:0upti.meK900And does basically just enough and just stupid enough for me to enable it19:16:47
@albertlarsan68:albertlarsan.frAlbert LarsanI think it would break my dn42 stuff though19:17:19
@k900:0upti.meK900Hmm actually this kinda sucks now19:19:59
@k900:0upti.meK900I guess I need miniupnpd19:20:32
@k900:0upti.meK900OK so22:04:10

Show newer messages

Back to Room ListRoom Version: 6