16:53 <eyJhb> thefloweringash: maybe a discussion in here?

16:53 <thefloweringash> Oh, hi there. :-)

16:54 <eyJhb> But you use nftables on your router? Any public configs?

16:55 <thefloweringash> the config is public, don’t know if that’s a good idea, but here it is: https://bitbucket.org/thefloweringash/routernix-config/

16:56 <thefloweringash> My internet is slightly interesting. It’s map-e, which is native ipv6 with tunneled ipv4. The interesting part is that I get a static division of a public v4 address (16 sets of 16 ports), and do the nat locally

16:57 <thefloweringash> Since I don’t know of a nice way to do this in Linux, I implemented a layer of nat in bpf

16:59 <eyJhb> `ip6 saddr { 240e:f7:4f01:c::/64, 240e:d9:d800:200::/64 } counter drop comment "china probes"` ohh come on, we love those probes! - Yeah I can see that there is a lot af nice things in there

16:59 <eyJhb> I must however admit, that I have not gotten used to IPv6 yet. Maybe I should...

17:00 <eyJhb> Basically doing some nftables + IPv6 at home would be cool, also just to know the technology. But I rarely do much netwoking, simple tagging on interfaces seems like magic to me

17:04 <thefloweringash> I feel a bit bad for blocking as much of the internet as that, but it was making debugging things harder.

17:06 <eyJhb> Understandable, I am on a NAT network here were I live, so I have no real front facing IP. So I don't have that issue

17:06 <eyJhb> But it is understandable, there is a lot of.. Stuff from CN