!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

874 Members
Declaratively manage your switching, routing, wireless, tunneling and more. | Don't rely on `networking.*` for interface and routing setup, use systemd-networkd, ifstate or NetworkManager instead. | Set `SYSTEMD_LOG_LEVEL=debug` to debug networking issues with networkd | No bad nft puns, please. | Room recommendations: #sysops:nixos.org249 Servers

Load older messages

SenderMessageTime
2 Dec 2025
@nazarewk:matrix.orgkdn is there a reasonable way to force custom-built install-iso to use only one (first?) of the plugged in ethernet interfaces? 12:23:01
@nazarewk:matrix.orgkdn * is there a reasonable way to force custom-built install-iso to use only one (first?) of the plugged in ethernet interfaces without telling it which one should it be? 12:23:10
@nazarewk:matrix.orgkdnI have devices with 4 ports and I can only access it through one of those with the highest default route metric12:23:41
@sandro:supersandro.deSandro 🐧first as in the one with highest default route, as first doesn't make much sense otherwise14:47:25
@k900:0upti.meK900 Do you control the route metrics? 14:48:56
@k900:0upti.meK900 You can just push the correct metric over DHCP 14:49:22
@k900:0upti.meK900If you control the DHCP14:49:30
@k900:0upti.meK900 (you probably should do that anyway) 14:49:41
4 Dec 2025
@i-am-logger:matrix.orgIdo Samuelson joined the room.01:46:10
@isabel:isabelroses.comisabel changed their profile picture.16:41:36
@tanja:catgirl.cloudTanja (she/her) - ☎️ 4201 changed their display name from Tanja (she/her) to Tanja (she/her) - ☎️ 4201.18:10:30
6 Dec 2025
@hosaidenpwd:matrix.orgP J joined the room.07:45:51
8 Dec 2025
@okamis:matrix.orgokamis joined the room.14:22:46
@okamis:matrix.orgokamisIm using runnixostest interactive as a playground environment. I would like it to be a bit similar as non-interactive, so I would like ssh access but not access to the internet, whats a good way to achieve that? Currently im running "ip route del default" in the testscript.14:24:11
@k900:0upti.meK900Could just firewall all outgoing connections14:24:36
@okamis:matrix.orgokamisI had a rule drop all outgoing, and it screwed up kubectl connecting to k3s using localhost:8080,14:26:38
@k900:0upti.meK900Well that depends on how you implemented it14:27:32
@okamis:matrix.orgokamis iptables -t filter -I FORWARD 1 -m state --state NEW -j DROP 14:29:10
@k900:0upti.meK900 Yeah that's not all outgoing connections 14:29:28
@okamis:matrix.orgokamisoh sorry should be OUTGOING instead of forward14:29:28
@k900:0upti.meK900That is also a bad idea14:29:35
@k900:0upti.meK900You want to match on interface14:29:40
@k900:0upti.meK900Or explicitly exclude loopback I guess14:29:45
@okamis:matrix.orgokamis

is this reasonable?

iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -m conntrack --ctstate NEW -j DROP
15:21:45
@k900:0upti.meK900Probably15:22:48
@k900:0upti.meK900I don't remember iptables well enough15:22:54
9 Dec 2025
@adam:robins.wtfadamcstephens changed their profile picture.17:25:09
@adam:robins.wtfadamcstephens changed their profile picture.17:48:29
10 Dec 2025
@truelle_trash_queen:matrix.orgTheodora changed their display name from Theodora The Absurdist Schizotisticoball to Theodora.12:17:46
@adam:robins.wtfadamcstephens changed their profile picture.14:49:51

There are no newer messages yet.

Back to Room ListRoom Version: 6