| 29 May 2026 |
|  lassulus changed their profile picture. | 07:07:21 |
 Eli Saado | is anyone aware of networking.firewall.* options that only apply to one address family? e.g. networking.firewall.allowedTCPPorts for v6 only? | 20:05:43 |
 Marcel | you can use extraInputRules of nftables and specify it in the rules directly => ip vs. ip6 | 20:10:23 |
| Eli Saado | yeah I was afraid that'd be the case | 20:11:06 |
| Marcel | https://gitea.c3d2.de/c3d2/nix-config/src/branch/master/hosts/librespeed/default.nix#L21-L22 | 20:11:31 |
| Eli Saado | shouldn't be too hard though | 20:11:38 |
| Marcel | nftables syntaxt is realy simple | 20:11:44 |
| Marcel | * nftables syntax is realy simple | 20:11:49 |
| Eli Saado | yep | 20:11:53 |
| Eli Saado | thanks for the example | 20:11:56 |
| Eli Saado | I think I'm going to make a very ugly networking.firewall.family override xD | 20:12:10 |
| Eli Saado | * I think I'm going to make a very ugly networking.firewall.family module override xD | 20:12:13 |
| 31 May 2026 |
|  FlakeyForger joined the room. | 17:47:06 |
| 1 Jun 2026 |
|  Tanja (she/her) 📞 TNJA (8652) changed their display name from Tanja (she/her) to Tanja (she/her) 📞 TNJA (8652). | 15:33:23 |
| 3 Jun 2026 |
|  frk7 joined the room. | 11:11:35 |
| frk7 | Hello, if anyone is interested in system wide tor networking there is this patch that enables the networking.tor option with various ways to exclude traffic and other cool stuff: https://github.com/NixOS/nixpkgs/pull/515904
Disclaimer: I am the author
| 11:12:16 |
| 4 Jun 2026 |
|  Echo changed their profile picture. | 04:24:55 |
|  Andrew joined the room. | 04:26:51 |
 hexa | https://cfp.gulas.ch/gpn24/talk/HRXC7H/ | 18:37:07 |
| hexa | Redacted or Malformed Event | 18:37:22 |
| 5 Jun 2026 |
|  zimward changed their display name from zimward to zimward @GPN24. | 19:38:16 |
| 6 Jun 2026 |
| hexa | https://media.ccc.de/v/gpn24-503-delegacy-forcing-ipv6-at-scale | 16:17:07 |
| hexa | tbh, this looks very dnssec breaky | 16:24:40 |
| hexa | at least with validating clients | 16:24:58 |
| hexa | we can probably have our own q&a if we just yank mynacol in this room | 16:42:09 |
| hexa | Redacted or Malformed Event | 16:42:16 |
 Nico | Thanks for sharing, I haven't been aware of DNAME records
DNS64 breaks dnssec, this is known and one of the reasons why this should be done on the client side (e.g. pref64), but as your name expresses this doesn't really that well on linux yet. | 16:47:03 |
| hexa | networkmanager has a clat in the next release | 16:48:44 |
| hexa | so we have answer for this question :p | 16:48:52 |
| Nico | Uuuuh nice, I'm waiting for it to finally get rid of the broken clatd https://github.com/secshellnet/nixos-tests/pull/3 | 16:49:53 |
