• 0 Posts
  • 101 Comments
Joined 2 years ago
Cake day: June 16th, 2023

  • There’s a bunch of posts about the iptables-save function of the built-in iptables module not working in many cases, so I figured it was a safer bet to suggest the playbook include an actual command invocation.

    In my personal experience, the module doesn't actually save the persistent rule in about half the cases. I haven't looked into it much, but it seems to happen more on systems where systemd iptables-firewall is present. (Not trying to start a flame war)
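    As an added illustration (not the commenter's own playbook), this is what "an actual command invocation" for persistence looks like alongside the built-in module, with a read-back check so a silently unsaved rule fails the run instead of being discovered after the next reboot. The host group, the sample rule and the /etc/iptables/rules.v4 path (iptables-persistent on Debian-style systems) are assumptions; adjust them for your environment.

```yaml
# Added example: apply a rule with ansible.builtin.iptables, persist it with an
# explicit iptables-save, then verify the rule actually reached the file on disk.
# Assumptions: hosts group "firewalls", persistence path /etc/iptables/rules.v4.
- name: Manage firewall rules and persist them explicitly
  hosts: firewalls
  become: true
  tasks:
    - name: Allow SSH from the management network only (constructed sample rule)
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "22"
        source: 10.0.100.0/24
        jump: ACCEPT
        comment: mgmt-ssh
      notify: Persist iptables rules

    - name: Run the save handler now, before the verification step
      ansible.builtin.meta: flush_handlers

    - name: Read back the persisted rules file
      ansible.builtin.slurp:
        src: /etc/iptables/rules.v4
      register: saved_rules

    - name: Fail if the rule is live in the kernel but missing from disk
      ansible.builtin.assert:
        that:
          - "'mgmt-ssh' in (saved_rules.content | b64decode)"
        fail_msg: "Rule was applied in memory but not persisted to /etc/iptables/rules.v4"

  handlers:
    # The shell module is needed (not command) because of the output redirection.
    - name: Persist iptables rules
      ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
```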

  • https://en.m.wikipedia.org/wiki/IEEE_802.1X

    802.1X is a set of protocols that allow port access to be locked to specific devices, which would preclude your need for multiple subnets. You would likely need a few extra physical ports on your white box router, the unmanaged switch could later become overwhelmed passing traffic in a more complicated setup, and you would still need to keep trusted and untrusted traffic separate at the gateway subnet.

    Your use case is exactly why VLANs were invented.

    However, I suspect from your other answers that you are actually looking for an open source managed switch so your entire networking stack is auditable.

    There are a few solutions like OPX, but hardware supporting OPX is prohibitively expensive and it is almost always cheaper to build a beige box and use Linux or get a second-hand supported device and use OpenWrt.

  • More incus:

    • mounting persistent storage into containers (cheating by exporting NFS from my proxmox zfs into the incus host)
    • wrote a pruning backup script for containers, runs daily, keeps last 7 days and the first of the month
    • passed through hardware (quicksync) into jellyfin container (it works!)
    • launched an OCI container (docker home assistant) natively in incus (this is a game-changer!)

    Next:

    • build 2nd incus node
    • move all containers from proxmox to incus
    • decom proxmox
    • set up Debian with NFS export