Bert | plot thickens: ufw seems to be applied to my 172.16 VPN network but not to the 10.0 IP that's magically being transformed into my public IP by my cloud provider. Now whatever magic the cloud provider might be doing, I would expect things to still block once they get into my VM | 00:30 |
---|---|---|
=== chris14_ is now known as chris14 | ||
PeGaSuS | I doubt UFW blocks internal traffic and 10.0.0.0/24 seems to be a private/internal network? | 01:56 |
patdk-lap | that is a interesting definition of internal | 01:57 |
patdk-lap | by your definition 172.16 is also internal/private | 01:57 |
znf | pretty sure it does block, I've had that happen when using ZeroTier (and a 10.x IP range) | 04:12 |
Bert | PeGaSuS patdk-lap znf: yeah I'm seriously confused where things are going wrong | 08:00 |
=== coreycb1 is now known as coreycb | ||
Bert | I found it! Apparently it's docker inserting a free pass for its own stuff, which I'm not on board with but I guess that's "normal" | 11:31 |
=== ch0ps3y is now known as Guest3467 | ||
=== dbungert1 is now known as dbungert | ||
znf | Bert, yes, docker will bypass ufw | 16:09 |
=== dbungert is now known as dbungert1 | ||
=== dbungert1 is now known as dbungert | ||
Bert | znf: yeah, did not know that, I tend to not use docker on production stuff, but sadly that's becoming really difficult | 16:46 |
znf | Bert, you want https://github.com/chaifeng/ufw-docker | 16:49 |
=== tds0 is now known as tds | ||
=== BarnabasDK_ is now known as BarnabasDK | ||
leftyfb | I'm using the following user-data file for ubuntu 22.04 server autoinstall. https://paste.ubuntu.com/p/Rm8rsJPTnd/ It works great up until the point it wants me to confirm the storage setup with "Confirm destructive action". How do I force it to continue at that point using the user-data settings? The other issue is it's only creating the root partition as 100GB instead of taking up the entire volume | 19:06 |
fastidious | leftyfb: on the root partion, set "sizing-policy: all" maybe? | 19:08 |
fastidious | s/partion/partition/ | 19:09 |
dbungert | leftyfb: also have a look at https://canonical-subiquity.readthedocs-hosted.com/en/latest/explanation/zero-touch-autoinstall.html | 19:10 |
leftyfb | linux /casper/vmlinuz quiet autoinstall ds=nocloud\;s=/cdrom/server/ --- | 19:11 |
leftyfb | it's already there | 19:12 |
=== coreycb1 is now known as coreycb | ||
leftyfb | and adding sizing-policy: all to the lvm0-root partition section didn't make a difference. | 20:12 |
leftyfb | I swear user-data is just a "guessing and trial and error game" and you're lucky if it works at all | 20:13 |
Bert | znf: I'm actually already proxying what's on docker, so I just set docker-compose to bind to localhost | 23:35 |
znf | Yeah, that's what I usually do too | 23:39 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!