thayer

joined 2 years ago
[–] thayer@lemmy.ca 4 points 1 year ago

Frankly, I welcome multiple unixporn communities, as the largely singular community on reddit was too strict, in my opinion, and many screenshots went unshared as a result.

[–] thayer@lemmy.ca 2 points 1 year ago* (last edited 1 year ago) (2 children)

I've been happy with whc.ca for hosting...been using their pro account for years. I generally use canspace.ca for domain registration, and have done so for more than 10 years without issue.

[–] thayer@lemmy.ca 5 points 1 year ago* (last edited 1 year ago) (1 children)

I can't provide specific advice for tailscale, but I can share my notes for my own use case, which is for PCs that are safely behind the home firewall. You'd want to adjust your ssh/smb settings accordingly. You shouldn't need any rules for ProtonVPN, as you're likely just trying to block incoming connections, not outbound.

It's my understanding that Fedora opens ports 1025-65535/tcp and 1025-65535/udp by default.

To lock down to sane defaults (--permanent saves the settings directly, avoiding the need to run firewall-cmd --runtime-to-permanent separately):

sudo firewall-cmd --permanent --remove-port=1025-65535/tcp
sudo firewall-cmd --permanent --remove-port=1025-65535/udp
sudo firewall-cmd --permanent --add-port=27031/udp  # steam remote play
sudo firewall-cmd --permanent --add-port=27036/udp  # steam remote play
sudo firewall-cmd --permanent --add-port=27036/tcp  # steam remote play
sudo firewall-cmd --permanent --add-port=27037/tcp  # steam remote play

Ensure that ssh and samba-client are listed as allowed services too (sudo firewall-cmd --list-all).

  • Firewalld must be reloaded before rule changes will take effect: firewall-cmd --reload
  • Changes will reset upon reboot unless made persistent by using --permanent or by committing all changes with --runtime-to-permanent

Common commands:

sudo systemctl enable --now firewalld   # enable and start firewalld service
sudo systemctl disable firewalld
sudo systemctl stop firewalld

sudo firewall-cmd --state               # show running state of firewalld
sudo firewall-cmd --get-active-zones    # list active zones
sudo firewall-cmd --get-zones           # list all zones
sudo firewall-cmd --get-default-zone    # list default zone
sudo firewall-cmd --list-ports          # list allowed ports in current zone
sudo firewall-cmd --list-all            # list all settings
sudo firewall-cmd --reload              # reload firewall rules to activate any rule modifications

Add/remove ports, services, IPs:

sudo firewall-cmd --add-port=port-number/port-type      # allow incoming port  (tcp,udp,sctp,dccp)
sudo firewall-cmd --remove-port=port-number/port-type   # block incoming port
sudo firewall-cmd --add-service=<service-name>          # allow incoming service (see /etc/services)
sudo firewall-cmd --remove-service=<service-name>       # block incoming service (see /etc/services)
sudo firewall-cmd --add-source=192.168.1.100      # whitelist incoming IP (or an IP range, e.g. 192.168.1.0/24)
sudo firewall-cmd --remove-source=192.168.1.100   # remove whitelisted IP (or an IP range, e.g. 192.168.1.0/24)

Block an IP or IP range (rich rules):

sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.100' reject"
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.0/24' reject"

Whitelist IP for specific port (rich rule):

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'

Removing a Rich Rule:

sudo firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'
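
An added example, not part of the original comment: a POSIX shell helper that flags wide port ranges in `firewall-cmd --list-ports` output and lists entries that differ between the runtime and permanent configurations, which is the state you are in after `--permanent` changes but before `--reload`. The function names and the sample port strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld port lists. Nothing here calls firewall-cmd;
# the sample strings below are constructed, not captured from a real host.

# Print every entry in list $1 whose port span exceeds $2 ports (default 100).
wide_ranges() {
    limit=${2:-100}
    for entry in $1; do
        ports=${entry%/*}                      # strip "/tcp", "/udp", ...
        case $ports in
            *-*) lo=${ports%-*}; hi=${ports#*-}
                 if [ $((hi - lo + 1)) -gt "$limit" ]; then echo "$entry"; fi ;;
        esac                                   # single ports are skipped
    done
    return 0
}

# Compare runtime list $1 with permanent list $2 and print what differs.
port_drift() {
    for e in $1; do
        case " $2 " in *" $e "*) ;; *) echo "runtime-only $e" ;; esac
    done
    for e in $2; do
        case " $1 " in *" $e "*) ;; *) echo "permanent-only $e" ;; esac
    done
    return 0
}

# Constructed sample: state after the --permanent commands above, before --reload.
runtime_ports="1025-65535/udp 1025-65535/tcp"
permanent_ports="27031/udp 27036/udp 27036/tcp 27037/tcp"

echo "wide ranges still active at runtime:"
wide_ranges "$runtime_ports"
echo "runtime vs permanent drift:"
port_drift "$runtime_ports" "$permanent_ports"

# On a real host, feed it live output instead, for example:
#   wide_ranges "$(sudo firewall-cmd --list-ports)"
#   port_drift "$(sudo firewall-cmd --list-ports)" \
#              "$(sudo firewall-cmd --permanent --list-ports)"
```

Empty output from both functions after a reload means the wide ranges are gone and the running rules match what will survive a reboot.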
[–] thayer@lemmy.ca 15 points 1 year ago* (last edited 1 year ago) (4 children)

As a fellow Atomic user, my completely biased opinion is that you've made a good choice of distro for switching from Windows.

Don't sweat the need or desire to layer a few packages. I see a lot of folks stress over this as if it's a hard rule they are breaking. It's a general recommendation and little more. I would be surprised if most users don't layer at least one package (or even a few).

On my main workstation, running Kinoite at the moment, some of the layered packages include:

  • distrobox
  • gdm (sddm refuses to respect autologin)
  • kate
  • ksystemlog
  • syncthing
  • vim-enhanced
  • virt-manager
  • virt-viewer

[–] thayer@lemmy.ca 6 points 1 year ago

Same, I've switched all of my workstations to Kinoite and Silverblue over the past 18 months, and couldn't be much happier about it.

[–] thayer@lemmy.ca 4 points 1 year ago* (last edited 1 year ago)

That's a great post too, thanks for sharing it here. My hope is that folks might still manage to find this info through search engines, even if Lemmy isn't yet as highly indexed as other platforms.

[–] thayer@lemmy.ca 5 points 1 year ago

Hah, I can absolutely see myself doing this if we didn't keep our "baking" spices and related ingredients in a different cupboard.

[–] thayer@lemmy.ca 5 points 1 year ago

If it were me and there was no way to have an additional drop installed from the exterior, I would still consider running a single cable through the living space to your desired location, as discreetly as possible.

It's difficult to suggest exactly how to do so without pics or a floorplan, but I would try to match the wall or trim color and keep the cable tucked close to the floor and/or ceiling throughout the run.

Once in place, the cable will quickly disappear into your surroundings and you'll be left with rock solid reliable networking.

[–] thayer@lemmy.ca 11 points 1 year ago

And I don't even care if they keep it as a "tray". I'd be content with integration into the dash if they can make it work smoothly. For example, just having the app start minimized as a regular icon (or segregated icon) in the dash...just something at this point.

[–] thayer@lemmy.ca 23 points 1 year ago (6 children)

I'm happy to see it's finally happening, and I hope they left its implementation flexible.

What I'd really love to see (aside from triple buffer) is a real solution to the system tray situation. AppIndicator is problematic for some apps and under certain X11/Wayland desktops, and even when it works well it is cumbersome to use compared to traditional tray implementations. Hoping we see a new approach soon.

In the meantime, I've been enjoying a revisit to KDE Plasma under Kinoite and I have to say I'm really impressed with both DEs!

[–] thayer@lemmy.ca 3 points 1 year ago

Our Smart TV is offline 99% of the time, so I rarely see the smart features. We'll sometimes have company stay over and they'll connect the Ethernet to use the built-in streaming apps with their own credentials, so it's a nice option to have and it doesn't impact us otherwise.

[–] thayer@lemmy.ca 2 points 1 year ago

JF's UI hasn't really done it for me for whatever reason...I have it running in an LXC already and mostly use it at my workstations.
