![](/static/e3814064/assets/icons/icon-96x96.png)
![](https://lemmy.ca/pictrs/image/7b0211f0-7266-4e13-9d26-8c3e6126af62.png)
it’s cool now
No, it’s pretty hot actually.
it’s cool now
No, it’s pretty hot actually.
My first sentence when I get connected to a chat bot is always “Let me speak to a human”.
Yes, because Docker becomes significantly more powerful once every container has a different publicly addressable IP.
Altough IPv6 support in Docker is still lacking in some areas right now, so add that to the long list of IPv6 migration todos.
A lot of absurdly long attack chains where it’s hard to read when you have an opening. Delayed attacks you have to memorize the timing for. Attacks where the enemy either dashes or stretches their model an absurd distance to hit you so it’s hard to get away from them or gauge distances.
That’s also my main critique with Elden Ring. There’s so many spin to win enemies in the game that will just keep attacking for 10 seconds straight, it gets old so quickly.
I miss the slow and methodical attacks from DS1 and to some extent DS3. DS3 was already a lot quicker than DS1 but most attacks were really well choreographed so I didn’t really mind. When an enemy pulled their sword back in DS3 you knew they were about to attack. In Elden Ring they will hold that sword back and hold and hold and hold and then after you rolled 3 times they hit you. It’s almost impossible to read an attack on the first try, which feels really unsatisfying.
Not to say I don’t like Elden Ring, I do. But out of all From games it’s one of the weaker entries.
Didn’t even buy the DLC.
That’s the issue, game works fine with the DLC and fails without the DLC.
At least when playing offline you can use er-patcher to play it without framerate limit, chromatic aberration and in ultrawide. https://github.com/gurrgur/er-patcher
There is this notion that IPv6 exposes any host directly to the internet, which is not correct. When the client IP is attacked “directly” the attacker still talks to the router responsible for your network first and foremost.
While a misconfiguration on the router is possible, the same is possible on IPv4. In fact, it’s even a “feature” in many consumer routers called “DMZ host”, which exposes all ports to a single host. Which is obviously a security nightmare in both IPv4 and IPv6.
Just as CGNAT is a thing on IPv4, you can have as many firewalls behind one another as you want. Just because the target IP always is the same does not mean it suddenly is less secure than if the IP gets “NATted” 4 times between routers. It actually makes errors more likely because diagnosing and configuring is much harder in that environment.
Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.
That is what the privacy extension was created for, with it enabled it rotates IP addresses pretty regularily, there are much better ways to keep track of users than their IP addresses. Many implementations of the privacy extension still have lots of issues with times that are too long or with it not even enabled by default.
Hopefully that will get better when IPv6 becomes the default after the heat death of the universe.
With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?
The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.
Assuming you have multiple hosts in your IPv6 network you can simply add “port forwardings” for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.
I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.
That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn’t matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.
Anything connected to an untrusted network should have a firewall, doesn’t matter if it’s IPv4 or IPv6.
There’s functionally no difference between NAT on IPv4 or directly allowing ports on IPv6, they both are deny by default and require explicit forwarding. Subnetting is also still a thing on IPv6.
If anything, IPv6 is more secure because it’s impossible to do a full network scan. My ISP assigned 4,722,366,482,869,645,213,696 addresses just to me. Good luck finding the used ones.
With IPv4 if you spin up a new service on a common port it usually gets detected within 24h nowadays.
What for? It’s not like any more updates are planned.
Off the top of my head, why did you set the prefix to 0x1? I was under the impression that it only needs to be set if there are multiple vlans
I have multiple VLANs, 0x1 is my LAN and 0x10 is my DMZ for example. I then get IP addresses abcd:abcd:a01::abcd in my LAN and abcd:abcd:a10::bcdf in my DMZ.
However, I get a /56 from my ISP wich gets subnetted into /64. I heard it’s not ideal to subnet a /64 but you might want to double check what you really got.
what are your rules for the WAN side of the firewall?
Only IPv4 + IPv6 ICMP, the normal NAT rules for IPv4 and the same rules for IPv6 but as regular rule instead of NAT rule.
My LAN interface is only getting an LLA so maybe it’s being blocked from communicating with the ISP router.
If you enable DHCPv6 in your network your firewall should be the one to hand out IP addresses, your ISP assigns your OPNsense the prefix and your OPNsense then subnets them into smaller chunks for your internal networks.
It is possible to do it without DHCPv6 but I didn’t read into it yet since DHCPv6 does exactly what I want it to do.
I’m no expert on IPv6 but here’s how I did it on my OPNsense box:
WAN
interface (probably already done)LAN
interface, use Track interface
on IPv6, track the WAN
interface and choose a prefix ID like 0x1
::eeee
to ::ffff
, you don’t have to type the full IP)Advertisments
to Managed
and Priority
to High
After that your DHCP server should serve public IPv6 addresses inside of your prefix and clients should be able to connect to the internet.
A few notes:
Reddit once banned me for “vote brigading” a post on a subreddit that was linked in a different subreddit, a full year after I upvoted said post.
That was the day I stopped interacting on Reddit.
Can confirm this works, removed my tablet screen with my 3D printer.
Definitely will wait for the full soundtrack to release before checking out the game. That trailer music sounded pretty weak.
While I can create a PSN account in my country, I won’t. I just won’t purchase anymore Sony games and be done with it.
They already joined EA, Take-Two and Ubisoft on my Steam ignore list.
You can also give Kannagi Usagi a try to see if you like the formula.
It’s free and pretty much a 1:1 copy of Sekiro bosses.
If you want to play the main series as well, they regularily go on sale for 35 bucks for all 7 games.
Yakuza 0 goes on sale for 5 bucks pretty much all the time as well. I’m on Yakuza 2 right now and so far they all work fine on Steam Deck.
Check out LM Studio. Very easy to get started and runs on both CPU and GPU.
ufotable once again delivering the full movie experience in a TV show episode. The animation and music were absolutely gorgeous.