| 7 Feb 2026 |
matthewcroughan @fosdem | K900: Do you have a nice nftables ruleset for IPv6 at home? | 19:00:09 |
matthewcroughan @fosdem | I haven't really done the due diligence when it comes to blocking unsolicited v6 inbound | 19:00:26 |
K900 | No | 19:01:24 |
K900 | I have honestly not bothered | 19:01:35 |
matthewcroughan @fosdem | So you're doing the same as me and just not caring? | 19:01:42 |
K900 | Basically | 19:01:48 |
matthewcroughan @fosdem | I found this post, it's pretty true https://ipv6.net/blog/ipv6-home-network-firewall-risks/ | 19:01:50 |
Albert Larsan | Tbh I have my devices secured the same as for IPv4, i.e. services do not listen on 0.0.0.0 or :: if I want to keep them LAN-local or limited to localhost (also have firewalls, but they have holes for all the same ports) | 19:11:07 |
Albert Larsan | My (ISP-provided) home router has a (quite strict) IPv6 firewall enabled by default, which I disabled because it was annoying | 19:12:24 |
matthewcroughan @fosdem | so every device on your LAN is still reachable? | 19:13:56 |
Albert Larsan | Yeah, but good luck finding them in the 2⁶⁴ sea of IPs they could have | 19:14:55 |
Albert Larsan | And I have a personal router behind the ISP router that does ping rate-limiting | 19:15:44 |
Albert Larsan | Before the (W)LAN is reached | 19:15:59 |
K900 | Hmm you know what actually | 19:16:33 |
K900 | networking.firewall.filterForward is a thing | 19:16:39 |
K900 | And does basically just enough and just stupid enough for me to enable it | 19:16:47 |
Albert Larsan | I think it would break my dn42 stuff though | 19:17:19 |
K900 | Hmm actually this kinda sucks now | 19:19:59 |
K900 | I guess I need miniupnpd | 19:20:32 |
K900 | OK so | 22:04:10 |
K900 | I fell down a fucking hole again | 22:04:13 |
K900 | Our miniupnpd can't do IPv6 pinholing | 22:04:31 |
K900 | This enables it in just the package: https://github.com/NixOS/nixpkgs/pull/488104 | 22:04:40 |
K900 | Which is basically a no-op because it can't make anything worse | 22:04:47 |