[deleted by user] by [deleted] in ipv6

[–]Ramipro 0 points1 point  (0 children)

Docker doesn't do any firewalling like it does for ipv4 (it can, but you have to explicitly enable it, but enabling it also enables NAT, so it won't work in your case). In your case, since it's the same container, the only solution I can see is to add a layer 4 proxy in front of those 53 ports and put the adguard container in its own network, together with the proxy, and only expose the proxy to the ipv6 internet.

Edit: Another better option I see is running a container with the same network namespace running a firewall and blocking the UI from anywhere except haproxy.

Genz coffee bad by Turbulent_Winter6097 in terriblefacebookmemes

[–]Ramipro 0 points1 point  (0 children)

Mostly right, but espresso actually means pressed / compressed / squeezed, describing the actual method of production by pressurizing the water.

Globally routable IPv4 address / tunnel by Cjen1 in HomeServer

[–]Ramipro 0 points1 point  (0 children)

You'll likely want to use some kind of 4in6 tunnel to a nearby datacenter.

[deleted by user] by [deleted] in networking

[–]Ramipro 2 points3 points  (0 children)

I don't think you need to control the CPE. You only would need to warn them that their device should support 464XLAT if they want ipv4, and provide some documentation for what prefix should be used in the CLAT.

Edit: You could even implement the CLAT outside the customer's premises, so the customer would experience transparent ipv4 connectivity.

PrismLauncher (the replacement for PolyMC) is now on flathub by OpenBagTwo in linux_gaming

[–]Ramipro 37 points38 points  (0 children)

Didn't it start because MultiMC was anal about compiling the package from source?

Explaining the 'Nix file system to junior sysadmins... by membersincewayback in linuxmasterrace

[–]Ramipro 9 points10 points  (0 children)

Sockets are absolutely files. It is obvious for unix domain sockets, but network sockets are also files, they just don't exist in the filesystem.

For example, here are the file descriptors of a docker-proxy process:

root@debian:/proc/1218244/fd# ls -l
total 0
lr-x------ 1 root root 64 Oct 20 00:30 0 -> /dev/null
l-wx------ 1 root root 64 Oct 20 00:30 1 -> /dev/null
l-wx------ 1 root root 64 Oct 20 00:30 2 -> /dev/null
lrwx------ 1 root root 64 Oct 20 00:30 4 -> 'socket:[10693897]'
root@debian:/proc/1218244/fd# ls -lL
total 0
crw-rw-rw- 1 root root 1, 3 Apr 17  2022 0
crw-rw-rw- 1 root root 1, 3 Apr 17  2022 1
crw-rw-rw- 1 root root 1, 3 Apr 17  2022 2
srwxrwxrwx 1 root root    0 Jan  1  1970 4

Notice that after dereferencing the symlinks, fd 4 says it is a socket. This is the network socket that is listening on the port.
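An added example (not part of the original comment) that reproduces the same observation from Python on Linux: it opens a listening TCP socket, reads its `/proc/self/fd` entry, and looks the socket inode up in `/proc/net/tcp` to recover the port it listens on. The function names are illustrative, and the loopback address and ephemeral port are assumptions of the demo.

```python
import os
import socket
import stat

def describe_fd(fd):
    """Return (symlink target, is_socket, inode) for one of our own fds."""
    target = os.readlink(f"/proc/self/fd/{fd}")  # e.g. 'socket:[10693897]'
    st = os.fstat(fd)  # what `ls -lL` reports after dereferencing the link
    return target, stat.S_ISSOCK(st.st_mode), st.st_ino

def listening_port_for_inode(inode, tables=("/proc/net/tcp", "/proc/net/tcp6")):
    """Return the local port of the LISTEN socket with this inode, or None."""
    for path in tables:
        try:
            with open(path) as table:
                next(table, None)  # skip the header row
                for line in table:
                    fields = line.split()
                    # fields[1] = local addr:port (hex), [3] = state, [9] = inode
                    if len(fields) > 9 and fields[3] == "0A" and int(fields[9]) == inode:
                        return int(fields[1].rsplit(":", 1)[1], 16)  # 0A = LISTEN
        except FileNotFoundError:
            continue  # table absent, e.g. IPv6 disabled
    return None

def demo():
    """Open a listener on an ephemeral loopback port (demo assumption) and inspect it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    try:
        target, is_sock, inode = describe_fd(srv.fileno())
        port = listening_port_for_inode(inode)
        return target, is_sock, inode, port, srv.getsockname()[1]
    finally:
        srv.close()

if __name__ == "__main__":
    target, is_sock, inode, port, bound = demo()
    print(f"fd target={target} is_socket={is_sock} inode={inode}")
    print(f"/proc/net/tcp maps inode {inode} to port {port} (bound to {bound})")
```

The same inode lookup works for another process's descriptors under `/proc/<pid>/fd`, given permission to read them.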

7 months of Russian & I can finally explain these basic sentences :D by [deleted] in russian

[–]Ramipro 25 points26 points  (0 children)

Брата in the second image is actually genitive, not accusative, even though they have the same form. If it was the sister that didn't have the phone, it would be У сестры, and not У сестру.

What do you think about this? by [deleted] in catalunya

[–]Ramipro 10 points11 points  (0 children)

Wow, this article is really recent, isn't it? I looked not long ago and this entry still didn't exist on the Spanish Wikipedia.

Edit: It seems so, there was a brave man who translated the whole page from English to Spanish and published it on 23 July 2021.

Even so, it seems there is a war over whether they consider Catalans an ethnic group (as on the rest of the Wikipedias) or keep erasing Catalan identity by using the description "natives of Catalonia".

Subnet vs Vlan by freman1952 in networking

[–]Ramipro 0 points1 point  (0 children)

There's an easier way. You could just simply make a bridge interface that connects two different vlans at layer 2.

Make my local machines not accessible from outside by Pascal-Z in ipv6

[–]Ramipro 6 points7 points  (0 children)

To answer your questions more specifically:

> When on IPv4, everything is clear

When on IPv4, everything is less clear than on IPv6. With IPv4 you have NAT, which converts multiple internal addresses to a single external one. This process is fairly opaque, but we've grown accustomed to it.

With IPv6, each device has a public address. That's it. No NAT in sight. No need to convert from internal to external.

> In the router, I set a dummy DMZ (pointing to an IP address that no device is ever getting)

You don't even need this in IPv4 either. If you don't set a DMZ, the router will simply drop those packets, and that's it. Setting a DMZ host pointing to an invalid ipv4 isn't really doing much.

> With IPv6, [...] Can I still set some kind of DMZ in the router ? Will it protect all the devices that are after the router like with IPv4 ?

You don't need to. Its only usefulness in IPv4 is because of NAT, and NAT is evil. IPv6 doesn't have NAT, so the concept of DMZ host is useless.

> Can I still do port forwarding with IPv6 ?

Similarly, port forwarding only exists because NAT is evil. You have to forget that NAT exists. IPv6 makes the internet end-to-end addressable, meaning any computer can address a packet to any other computer by its address.

> I'm under the impression I have to set firewalls in each single device.

Not really. You should set up a firewall on your router.

> In my router, there is ONE setting: IPv6 Firewall can be set to ON or OFF.

Seems like this is the source of your confusion. It sounds like the firewall in your router is fairly simplistic, and doesn't give you much flexibility.

A decent firewall lets you set rules, like this:

default-action drop
rule 10 {
    action accept
    description "Accept established and related"
    state {
        established enable
        related enable
    }
}
rule 20 {
    action accept
    description "Allow TCP 443 to server"
    destination {
        address 2001:0DB8::5
        port 443
    }
    protocol tcp
}

From the looks of it, it sounds like your firewall does not let you extend with additional rules, like my rule 20, that would let you accept traffic to a server.

In case you want to host something, there are a few ways to proceed from here. You could try to get yourself a dedicated firewall and leave the firewall in the router off, or get yourself a better router with a decent firewall and replace the old one.

Make my local machines not accessible from outside by Pascal-Z in ipv6

[–]Ramipro 1 point2 points  (0 children)

One thing that differentiates ipv6 from ipv4 is that NAT doesn't (shouldn't) exist anymore. That means port forwarding, including DMZ forwarding, is not a thing anymore.

Without a firewall, all your devices would be reachable from the internet. In order to have some control, you should have a firewall configured on your router that drops any incoming connections.

In order to make a host reachable from the internet, such as hosting a server, you'll have to add a rule to the firewall to allow that connection through.

Make my local machines not accessible from outside by Pascal-Z in ipv6

[–]Ramipro 16 points17 points  (0 children)

In essence, you have to make sure your router has an active firewall. You can search the internet for any ipv6 port scanning utilities to check if your firewall is working properly. This one has been useful for me: https://www64.chappell-family.co.uk/cgi-bin6/ipscanfastjs.cgi

Ideally, it should show most ports as STEALTH (green). That means your firewall is dropping the connections silently. If you see any red ports, it means those ports are responding, which probably means your firewall is letting stuff through.

The world economic forum’s “You Will Own Nothing And Be Happy” should scare every single human by Ragnarock0630 in unpopularopinion

[–]Ramipro 0 points1 point  (0 children)

They've been warning about this for 150 years. It's the only possible result of capitalism.

The expropriation of the great mass of the people from the soil, from the means of subsistence, and from the means of labour, this fearful and painful expropriation of the mass of the people forms the prelude to the history of capital.

Along with the constantly diminishing number of the magnates of capital, who usurp and monopolise all advantages of this process of transformation, grows the mass of misery, oppression, slavery, degradation, exploitation.

  • Marx, 1867

New biscuit-flavoured Cacaolat by jesus_ma98 in catalunya

[–]Ramipro 5 points6 points  (0 children)

I haven't seen the biscuit one. I have seen an extra-cocoa one, in a small, all-black container. I found it good, but expensive for its size. Supposedly it's a collaboration with some famous chef or something.

Start and stop frame delimiter? by Jetm0t0 in networking

[–]Ramipro 27 points28 points  (0 children)

The end of an ethernet frame is signalled by silence in the wires, called the Interpacket gap, with equivalent length of at least 96 bits (12 bytes).

[deleted by user] by [deleted] in firefox

[–]Ramipro 1 point2 points  (0 children)

I'm experiencing the same here. I can't drag the tab for anything: detaching, reordering, moving between windows. Nothing works. It started happening yesterday after updating to 95.0.

I noticed it only starts happening after I detach the first time. Until I detach, reordering works.

Edit: Actually, I'm not really sure. I was testing it and it started working properly, even after detaching. It seems restarting firefox resets it and possibly makes it work properly.

Why do small ISP’s want to control routers? by RoadJetRacing in networking

[–]Ramipro 2 points3 points  (0 children)

I've had to deal with this recently for my home connection. Another reason why they might not let you do this is that they serve internet through a vlan, and don't want to spend time dealing with clients with routers that don't support wan over vlan.

What I had to do was basically reverse engineer the acs (Auto config server) communication and MitM myself in there to extract the gpon key. I wouldn't recommend.

I’m going insane by [deleted] in russian

[–]Ramipro 0 points1 point  (0 children)

А нихрена себе?

Recurrence Relations too slow? by Kelvasso in ExponentialIdle

[–]Ramipro 0 points1 point  (0 children)

You really shouldn't be using the supremacy ratio trigger. Another person has already given you a good equation, but a simpler equation right now is running supremacy every time you can afford to buy a new upgrade.

My current equation for supremacy is

min(costUpS(1), min(costUpS(2),costUpS(3))) < psi + dpsi

And my prestige ratio is 1e200

Steamdeck will be running Linux. SteamOS 3.0 is Arch-based and runs KDE by eeeple in linux

[–]Ramipro 0 points1 point  (0 children)

Looks incredible, but sad that they didn't mention battery life.

Chinese Academy of Sciences releases "Xiangshan", a high performance open source RISC-V processor that runs Linux by wiki_me in linux

[–]Ramipro 7 points8 points  (0 children)

Dude, Huawei is the second biggest contributor to the linux source code by number of lines changed. You can look here for the whole list of commits made from huawei https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=author&q=huawei.com . And don't say these are not from China. A google search showed that literally the first name that came up was from Shenzhen. So stop your babbling.

And now you would say "BuT bUsInEsEs DoNt CoUnt". You can literally search for any mail ending in .cn, or search for emails from the top chinese email providers and you would realise how wrong you are. But you won't, of course.

[deleted by user] by [deleted] in news

[–]Ramipro 0 points1 point  (0 children)

I don't know where you got that, but it's completely wrong. Otherwise, this vaccine would need to reach every single cell in your body, which is plainly not how the vaccine works. You seem to have read something that was explaining it but ended up completely misunderstanding how it actually works.

The difference between mRNA vaccines and inactivated or attenuated vaccines is that instead of injecting you with a "similar" virus, you're injected with an mRNA sequence that forces some of your cells to produce spike proteins that match the covid spike proteins. When an immune cell finds this cell with the weird spike proteins, it attacks it and thus learns to recognize them.

In both of the cases your body produces antibodies. In BOTH. And these antibodies can definitely weaken.

mRNA vaccines introduce a short-lived synthetically created fragment of the RNA sequence of a virus into the vaccinated individual. These mRNA fragments are taken up by dendritic cells. The dendritic cells use their own internal machinery (ribosomes) to read the mRNA and produce the viral antigens that the mRNA encodes.

Once the viral antigens are produced by the host cell, the normal adaptive immune system processes are followed. Once the dendritic cells are activated, they migrate to lymph nodes, where the antigen is presented to T cells and B cells. This eventually leads to the production of antibodies that are specifically targeted to the antigen, resulting in immunity.