01:58 <gchristensen> nixos' test framework is pretty fun for experimenting with network configs

02:10 <clever> gchristensen: but it cant help with a thing leaking ram on the router, and causing dhcp to go down

02:11 <clever> gchristensen: oddly, NAT kept working, even with the system basically dead from swap

04:00 <cransom> way back when, i knew a man who ran bsd routers and he would halt them after configuring, letting the kernel do its (static) routing and nat things and they couldn't be touched.

04:45 <clever> cransom: years ago, when i ran an LFS router, i had to do some emergency maintaince on the rootfs with fsck

04:45 <clever> cransom: but, i refused to have any downtime!

04:46 <clever> cransom: so, i painstakingly (and manually) switched it to a single-user like mode, with a read-only rootfs

04:46 <clever> stopping every service that had files open for writing, and remounting /

04:46 <clever> i dont think that would be possible on a modern distro, at least not as easy...

12:17 <gchristensen> my firewall experiments nixos test might be getting out of hand.

14:30 <gchristensen> I have a test that I'm having a hard time making work. anyone able to take a look? a container can talk over a bridge to a router to a peer's IP, but not over that peer's other IP: https://gist.github.com/grahamc/a24f6fe37aeb7bfddca69892b9f8a441 top describes layout & intent, line 329-342 are where I have trouble. the container which has IP 192.168.200.2/24 can talk to IPs in the

14:30 <gchristensen> 192.168.100.0/24 but not in 172.16... or 10.... ranges

14:34 <gchristensen> I'm surprised one works and not all/none, since 192.168.100.0/24 and 192.168.200.0/24 are different subnets

14:35 <gchristensen> to clarify, the uncommented test lines work, the commented test lines fail

16:18 <gchristensen> hmm looks like it is a problem with `router`, as if I drop the 172.16, 10. IPs from `runner`, `runner` can't use `router` to talk over those