| 12 Jun 2021 |
 rager | step 1: don't configure anything from nixos any more | 23:39:03 |
| rager | step 2: add an externalIP to my traefik service | 23:39:16 |
| rager | now everything is everything | 23:39:26 |
| 13 Jun 2021 |
 Mic92 (Old) | * I know how to write network drivers or extend systemd-networkd but I don't understand k8s firewall rules :) | 06:49:01 |
| Mic92 (Old) | In reply to @rager:synapse.lickmy.app
now everything is everything wise words :) | 06:50:01 |
| Mic92 (Old) | In reply to @casey:hubns.net
the thing i missed most going from a bsd universe to linux, lack of pf. nftables with nflog devices goes at least partially in this direction. The only issue is the poor adoption at the moment. But this might change this year. | 06:51:19 |
 eyJhb | In reply to @joerg:bethselamin.de
nftables with nflog devices goes at least partially in this direction. The only issue is the poor adoption at the moment. But this might change this year. What happens this year? | 07:01:26 |
| Mic92 (Old) | In reply to @eyjhb:eyjhb.dk
What happens this year? Debian has adopted iptables-nftables. We had a similar PR, but systemd support for nftables was not finished. This is now the case. So we could make the jump unless other blockers are found. | 07:02:26 |
| rager | meanwhile, other people are trying to replace both with a new bpf setup | 08:19:22 |
| Mic92 (Old) | Yeah. I saw that. How are these efforts going? | 09:26:42 |
| Mic92 (Old) | I just saw that there discussions to remove bpfilter again. | 09:28:45 |
 keithy | on reboot network-setup is failing with Error: Nexthop has invalid gateway. any ideas? | 13:54:00 |
 hexa | Redacted or Malformed Event | 13:56:09 |
| hexa | many ideas | 13:57:01 |
| hexa | nexthop (gateway) address could be on a) network or b) broadcast address | 13:57:17 |
| hexa | it could be outside of the L3 domain | 13:57:47 |
| hexa | and you always need L2 access to use a gateway | 13:57:57 |
| hexa | not sure who throws that error | 13:58:03 |
|  Kritnich joined the room. | 13:59:34 |
| keithy | how do I find out what it thinks is configured as the gateway? | 14:05:56 |
| keithy | $ ip route
default via 10.11.12.1 dev enp0s10 src 10.11.12.2 metric 202
10.11.12.0/24 dev enp0s10 scope link src 10.11.12.2 metric 202 | 14:06:35 |
| Mic92 (Old) | keithy: 10.11.12.1 is your default gateway | 14:10:50 |
| keithy | as expected | 14:11:21 |
| Mic92 (Old) | your ip address is 10.11.12.2 and the subnet directly attached to your network interface is 10.11.12.0/24 | 14:11:58 |
| keithy | anything wrong with that so far? | 14:12:33 |
| keithy | network-setup works when I start it manually post reboot | 14:13:30 |
| Mic92 (Old) | no, what is in your network-setup? | 14:17:33 |
| Mic92 (Old) | systemctl cat network-setup.service | 14:17:34 |
| Mic92 (Old) | and cat the ExecStart script in it. | 14:17:42 |
| Mic92 (Old) | cc keithy | 14:17:56 |
