Just because it’s a bad idea doesn’t mean it wont be implemented.

I’ve searched for something like this in the past and didn’t find anything.
I’ve though of hacking together a few scripts or 8n8 to interface with freshrss to do this but it’s far down my list™

He’s doing numbers!

Had to read this twice.

Just great.

Obviously the customers don’t need to know that their audit logs not only could have been turned off for conversations without any extra authentication, but also are so easy to turn off that it happens by accident without any extra intervention.

Also their entire Vulnerability disclosing guideline is security/compliance/image theater.

Well yes, but actually this is a security update

rm -rf is way more difficult than doing literally nothing, yes.

Disable the firewall if you can to check if that’s the issue, then do a tcpdump using root with the port. Do tcpdump inside the container too and compare what you see to the docker environment.

Is caddy-caddy really the correct image?

Try with this command, it’s the minimal setup that works by default (on my machine): podman run -p 0.0.0.0:5050:80 docker.io/library/caddy:latest

Use ss -tlpn or podman ps to show what ports podman is listening on, my guess is it is only listening on localhost.

Oh well, you die and I learn.

Too inefficient, I’m just going to pump it all out and start again with fresh blood.

When you phrase it like that, maybe disabling ipv4 wouldn’t be so bad.

Protip: Don’t try to play multiplayer games in a VM.

is kludging NAT for IPv6 not a better solution versus ULA addresses?

There are very few hosts that allow only ipv6 (though there are many who only do ipv4). Ipv6 would improve internet stability and long-term communication when you’re not using a nat but that isn’t what you’re trying to build. Seeing as you’re not getting any advantage anyway I recommend ULA because it won’t get in the way of possible future migration to GUA ipv6 (globally unicast address) and still run over the ipv6 network while also avoiding Nat.

Or is the clear answer just use IPv6 as intended and let the devices handle their privacy with IPv6 privacy extensions?

It’s my clear answer at least.

If you don’t want that you can use ULA addresses for now and later add GUA ipv6 addresses. ULAs are meant to be used when you only have a dynamic ipv6 prefix so that internal devices can have ipv6 internet (GUA) while also having a static ipv6 address(ULA).

Use ULA addresses for hosts inside your LAN, they are static, cannot be used to reach outside your LAN and use IPv6. Then give your server/VPN endpoint a real ipv6, that’s your VPN endpoint. This doesn’t require any nat and can be easily changed to GUA when you want to.

CGnat is a “solution” for running out of ipv4 addresses, it has the same problems as any other nat but the problems are even more noticeable because the out-facing ipv4 address changes more often than the typical home nat configuration and tricks like FTP- and other helpers don’t work as well.

Ipv6 would not only avoid the issues of cgnat, it would avoid cgnat entirely because you don’t need to Nat when you have enough ips.

Most (all?) advantage of ipv6 when compared to ipv4 don’t work behind Nat. Thus there’s no reason to use it.

Either Nat with ipv4 or don’t Nat with ipv6.

Why did you want to use ipv6 when you don’t want what it represents? (End to end communication/IPs)

Either use ipv6 privacy extension (enabled by default, so this can just be called ipv6) or don’t enable ipv6.

That way you have working ipv6 or wait until you come to your senses. Using nat6 ipv6 isn’t worth it.

It’s working!

Don’t ask about the secret ingredient.

He looked in the mirror