Age | Commit message | Author |
|
maybe more secure
|
man dnsmasq says "By default, dnsmasq will send queries to any of the
upstream servers it knows about and tries to favour servers that are
known to be up." There's a --strict-order option to make the bottom
server=... the highest priority, see [this stackexchange question][0]. I
think this default behavior seems not very good, it sends some
unnecessary DNS queries. But tcpdump shows there are not many DNS queries
going on anyway, so maybe not a problem.
[0]: https://unix.stackexchange.com/q/500900
|
Because ens19 seems to have no network, if ens19 is used then IPv6 will
not work. I think the reason IPv6 sometimes did not work with the past
config is that the SIT 6in4 tunnel somehow sometimes used ens19 instead
of ens18.
|
iif needs the interface to exist, iifname doesn't; for more see man nft.
If iif is used, after reboot when nft starts, the ipv6net interface seems
to not exist, so nft will error and fail to start. Using iifname can fix
this issue.
|
related upstream PR and commit:
https://github.com/sudo-project/sudo/pull/427
https://github.com/sudo-project/sudo/commit/7c121ff8340c6fa551ba4997dde9d450cf74e40c
|
ba can use ipv6
|
can do acme.sh
|
gitolite@flylightning.xyz` and `ssh -4 gitolite@flylightning.xyz` both error; note this is after I configured studio and ca wg forward
|
Also added monero-p2p port number to /etc/services for nft to use
|
For details see `man postconf.5`. It seems that for the port 25 smtp MTA,
smtpd_hide_client_session must be no; for the port 587 and 465
(submission and submissions) MTU it can be set to yes in master.cf. The
port 25 smtp MTA receives messages from others to me. The port 587 and
465 (submission and submissions) MTU receives messages from me to
others. main.cf holds configs for all. In master.cf I can set configs
specifically for submission and submissions.
Before, when others received my email sent from my laptop, it would
leak my laptop's hostname and IP in one of its `Received` headers, like
`Received: from <my-hostname> (<my-domain-name> [<my-ip>]) by
mail.flylightning.xyz ...`. After setting smtpd_hide_client_session to
yes, that line changed to `Received: by mail.flylightning.xyz ...`; note
there's no `from ...` that leaks my IP.
|
Sometimes, a new route appears in my `ip -6 r`:
default nhid 715021918 via fe80::284:e5ff:fe28:829d dev eth0 proto ra metric 1024 expires 24sec pref medium
These lines also appear in my `ip -a`:
inet6 2606:a8c0:3:8cd:246:d3ff:fed8:155d/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86398sec preferred_lft 14398sec
It seems sometimes Crunchbits maybe sends some IPv6 RA (router
advertisement) messages to my VPS and causes my VPS to add these lines.
This will break IPv6 on my VPS. I searched online, it seems I can use
`IPv6AcceptRA=false` in my systemd network config file, and it fixed the
issue. Not sure if this is the correct way. I also don't quite
understand RA.
Maybe another way to fix the issue is to accept RA and let it
configure my IPv6 correctly somehow. But this RA message only appears
sometimes and not always. So I think just disabling it is maybe a better
way.
More links related to RA: https://unix.stackexchange.com/q/766565
https://unix.stackexchange.com/q/639260
|
sure how or why
|