fwupd 1.4.0 released | Linux Vendor Firmware Service
https://github.com/fwupd/fwupd/releases/tag/1.4.0
https://redd.it/g138po
@r_linux
A simple daemon to allow session software to update firmware - fwupd/fwupd
[PATCH resend] fat: Improve the readahead for FAT entries
https://lore.kernel.org/lkml/87d08e1dlh.fsf@mail.parknet.co.jp/#t
https://redd.it/g12z36
@r_linux
Linux and redhat influence
Hey there,
In the last few years I have seen one of the most important contributors to Linux and open source, Red Hat, release many important projects like systemd, GNOME, GlusterFS and many others, and contribute to other projects/tools (see this list of [contributions](https://www.redhat.com/en/about/open-source-program-office/contributions)).
Many of these projects are now present in many (if not all) Linux distributions (see systemd) and the influence of Red Hat is spreading, not only in RHEL, CentOS, Fedora and derivatives but also in many other Linux distributions. The influence of Red Hat is, in some way, setting the future of Linux and its development direction. Distros on the other side, like the Debian family and the SUSE family, are, in some way, affected by the huge contribution/development of Red Hat in the open source world.
This is not so bad, because most of these projects are very useful and powerful, but on the other side many users could see this as a bad thing where in the end all distros are affected. In each distro there is a piece of something to which Red Hat has contributed.
What do you think about it?
Is it a bad or a good thing?
https://redd.it/g10x7t
@r_linux
Linux server side port forwarding?
I know this is not purely a Linux question, but my server is a DO 18.04.3. My domain is with GoDaddy. I run a couple of things on it: a sync server running Resilio Sync, and my UniFi and UNMS controllers. Everything works great. However, to access some of my stuff I keep having to type in the port... it's kind of a pain....
I have three subdomains:
unifi.mydomain.com
unms.mydomain.com
sync.mydomain.com
However, each one has a different port, so for right now the subdomains are kind of pointless (other than that the devices that report back to the server use the subdomains). Anyway..... What can I set up on the server side to recognize the incoming subdomain and forward it to the correct port? I tried searching for something but I'm pretty sure I'm just using the wrong keywords.
https://redd.it/g16gop
@r_linux
[Issue] Broadcom BCM43602 N/W after Suspend
Hey guys! Looking for a stable driver for BCM43602 [14e4:43ba]
I'm a total Linux nub, although I'm definitely enjoying the learning experience. After a few suspends the wifi card just stops working. The network manager is still available (and happily restarts) but doesn't show any wireless networks. Restarting the NM has no effect. Manually scanning for networks via the terminal doesn't do anything. The only remedy appears to be a full reset of the machine, which, as you can probably imagine, is very annoying!! Needing some help with this, it is my only niggle with the whole experience. For your info I am running Ubuntu 20.04 with the 5.4.0-21-generic kernel on a MacBook Pro 12,1 (early 2015 I think). Hope somebody can come up with a solution, or provide a link to another thread that I may have blindly missed while I trawled through the depths of the net for the last week or so. Cheers!!!
System info (neofetch output, ASCII logo removed):
lewis@Lewis-Linux
OS: Ubuntu Focal Fossa (development
Host: MacBookPro12,1 1.0
Kernel: 5.4.0-21-generic
Uptime: 10 mins
Packages: 2663 (dpkg), 4 (flatpak),
Shell: bash 5.0.16
Resolution: 1920x1200
DE: GNOME
WM: Mutter
WM Theme: Adwaita
Theme: Yaru-dark [GTK2/3]
Icons: Yaru [GTK2/3]
Terminal: gnome-terminal
CPU: Intel i5-5257U (4) @ 3.100GHz
GPU: Intel Iris Graphics 6100
Memory: 3488MiB / 7864MiB
https://redd.it/g19en5
@r_linux
Linux's consumer market share is about 40%!!
Definitions:
Linux = Linux Kernel
Linux System = Desktop / workstation / laptop running an operating system that uses the Linux Kernel
Consumer market share = non-server operating system market share
Linux now makes up around 40% of all consumer market share! This is due to Android using the Linux kernel and the increasing popularity of Linux systems. For reference, Windows (Windows NT) only makes up 34.96% of all consumer market share! This makes Linux the most popular kernel!
Source: [https://gs.statcounter.com/os-market-share](https://gs.statcounter.com/os-market-share) | Number calculated by doing Android market share percentage + Linux market share percentage
https://redd.it/g19483
@r_linux
This graph shows the market share of operating systems worldwide based on over 5 billion monthly page views.
An anonymous secure messaging system built for Linux.
https://github.com/MutexUnlocked/congenial-zephyr
https://redd.it/g1b0i4
@r_linux
Boot Debian on a smartphone using fastboot?
https://wiki.debian.org/ChrootOnAndroid
https://redd.it/g1d1dm
@r_linux
GitHub is now free for teams
https://github.blog/2020-04-14-github-is-now-free-for-teams/
https://redd.it/g1bt9y
@r_linux
Every developer and team can now get private repositories with unlimited collaborators at no cost with GitHub Free, and we reduced prices for some of our paid plans.
Windows Subsystem for Linux 2 Moving into General Availability with Improved Update Process
https://www.infoq.com/news/2020/04/wsl-2-general-availability/
https://redd.it/g1es5n
@r_linux
Microsoft announced that Windows Subsystem for Linux 2 (WSL2) will be generally available in Windows 10, version 2004. WSL2 was released into the Insider Program last year. With the move to general availability, WSL2 can now be automatically updated via standard…
Looking for a specific tablet.
Hello, bit of a strange request I know, but...
I am looking for a Linux tablet (with a working touch screen) that has a SIM card slot or a USB port to use a 4G USB dongle. Is there anything like this on the market? TIA.
https://redd.it/g1f25o
@r_linux
The Abstract Applications
Hi everybody! I'm one of the Abstract developers. We are making two Linux applications in Qt: a very simple office suite intended to be familiar to O365 users (O20, [https://flathub.org/apps/details/io.gitlab.o20.word](https://flathub.org/apps/details/io.gitlab.o20.word)); and a suite of abstract, strategy, and arcade games (Abstract Games, [https://snapcraft.io/abstractgames](https://snapcraft.io/abstractgames)). They were specially developed for the KDE desktop, but should work on any Linux system. If you're interested, then please install them and tell us what you think. ;)
Full description here: [https://www.reddit.com/r/kde/comments/g1bq1j/the_abstract_apps/](https://www.reddit.com/r/kde/comments/g1bq1j/the_abstract_apps/).
I'm sorry if this sounded too much like an ad. This is not supposed to convince you to use our apps, just to introduce myself and gather feedback about them.
https://redd.it/g1c0oe
@r_linux
What is your Alacritty.yml file like?
I was wondering how many people use Alacritty and how they have it configured. So, if anyone wants to paste their Alacritty.yml file I’d be interested to see what it looks like. Also, I’m very lazy and don’t want to have to change it.
https://redd.it/g1j1pw
@r_linux
Weekly Questions and Hardware Thread - April 15, 2020
Welcome to r/linux! If you're new to Linux or trying to get started this thread is for you. Get help here or as always, check out r/linuxquestions or r/linux4noobs
This megathread is for all your question needs. As we don't allow questions on r/linux outside of this megathread, please consider using r/linuxquestions or r/linux4noobs for the best solution to your problem.
Ask your hardware requests here too or try r/linuxhardware!
https://redd.it/g1kpsw
@r_linux
Aspects to consider when acquiring computer systems
Computer systems involve a large number of aspects and characteristics that must be evaluated before purchase; some of these are: type of equipment, its function, life cycle of the chosen operating system, stability, compatibility and costs.
[https://www.elconspirador.com/2020/04/15/aspectos-a-tener-en-cuenta-para-adquirir-sistemas-de-computo/](https://www.elconspirador.com/2020/04/15/aspectos-a-tener-en-cuenta-para-adquirir-sistemas-de-computo/)
https://redd.it/g1l842
@r_linux
Using libpst to convert PST to MBOX, and understanding Thunderbird's folder structure
https://www.flawlessrhetoric.com/Using-libpst-to-convert-PST-to-MBOX,-and-understanding-Thunderbird's-folder-structure
https://redd.it/g1nhn2
@r_linux
Using open source tools to import mail from Outlook to Thunderbird
Akademy 2020 will be online. From September 4 to September 11 we'll be holding talks, panels, workshops and BoFs on KDE projects and applications, Plasma, Plasma Mobile, coding, contributing and more for everybody
https://akademy.kde.org/2020
https://redd.it/g1o6tz
@r_linux
Linux host firewalls and Docker containers (IPv4 and IPv6)
I recently tried to set up a cloud server with a basic Nginx reverse proxy in Docker. Before that I thought that Docker and Linux firewalls would just work together flawlessly, but I was wrong, and some research was required to find a maintainable and elegant solution that doesn't break on firewall and container restarts.
# Issue
I used firewalld in the past because it just worked for me. While setting up the server I allowed traffic for my custom SSH port and nothing else. That worked. Then I set up my Nginx reverse proxy. After that I could also access ports 80 and 443 because I mapped those ports in my docker-compose.yaml. But wait a minute, I didn't enable those ports in my firewall, so why does that work? What if I want to apply more filters to those connections? I want a centralized and easy-to-understand view of my open ports. When I looked into `firewall-cmd --list-all-zones`, `iptables -L` and `iptables-save` it was all rather complicated and unmanageable.
# First part of the solution for IPv4
I found this GitHub issue and was a bit relieved to see that others had noticed the same issue (https://github.com/firewalld/firewalld/issues/461). I also found several posts about similar issues with ufw. There was a link to a possible solution which inspired me to implement it the way I did: https://unrouted.io/2017/08/15/docker-firewall/
What seems to cause the issue is that Docker does quite a lot with plain old iptables rules, which doesn't go that well with other firewall management solutions.
So the solution is to go back to working manually with just iptables, as the linked post suggests. Short summary of the article (but I recommend you read it): everything going to Docker doesn't go through the INPUT chain but only through the FORWARD chain. Docker will heavily change the FORWARD chain, so we won't touch that, in order not to break Docker on firewall reloads. But Docker offers a chain DOCKER-USER which is inserted first into the FORWARD chain and where nothing is automatically inserted, so we can work with that. But we want only one firewall chain to manage INPUT and DOCKER-USER. So we create a chain FILTERS that is the target for both DOCKER-USER and INPUT. That way we can put all our firewall rules there.
We create a configuration and later a custom systemd service to apply it. First the configuration for iptables. Put this in e.g. `/etc/iptables/iptables.conf`.
```
*filter
# all our chains with their default policies
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FILTERS - [0:0]
:DOCKER-USER - [0:0]
# first flush all chains that we will touch to have a clean setup
# (FORWARD is deliberately not flushed: Docker manages it)
-F INPUT
-F DOCKER-USER
-F FILTERS
# accept local loopback traffic and, if you want it, also ping (I allowed ping);
# otherwise remove the icmp rule
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
# the important part: go to chain FILTERS
-A INPUT -j FILTERS
# when something comes in on the external interface to the FORWARD chain
# (which will first put it into the DOCKER-USER chain), also use chain FILTERS
-A DOCKER-USER -i YOUR_EXTERNAL_INTERFACE_NAME_ETH0 -j FILTERS
# our firewall rules go here
# first accept all packets for ESTABLISHED and RELATED connection states
-A FILTERS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# now all our firewall rules that apply to our host listening on ports
# as well as to Docker containers listening, just some examples
-A FILTERS -m conntrack --ctstate NEW -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FILTERS -m conntrack --ctstate NEW -p tcp -m tcp --dport 443 -j ACCEPT
-A FILTERS -j DROP
COMMIT
```
# Second part of the solution for IPv6
If you now disable and stop your firewall service like firewalld and apply this configuration, you have an issue that isn't mentioned in the article: if your host has a public IPv6 address, it is now completely unprotected. All chains are on ACCEPT by default. You can access all Docker hosts because the traffic first goes through ip6tables and then through the FORWARD chain of iptables, but by then it will already look like it came from the internal dynamic Docker bridge interface, and we don't filter for it because we only filtered for the external interface. This took me a while to figure out because the first step will obviously not appear in your IPv4 iptables LOG if you use it.
Docker doesn't change anything in your IPv6 firewall configuration and all incoming traffic only needs to go through the INPUT chain. So we need a separate configuration for IPv6, e.g. `/etc/iptables/ip6tables.conf`. I'll apply the same configuration here as above.
```
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-F INPUT
-F FORWARD
-F OUTPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate NEW -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate NEW -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
```
Now we have also protected IPv6. Yes, these are two configuration files and you could certainly automate the shared part of the two. But it's a really simple policy and you only need to take care of certain parts, so that's OK for me.
# Putting it all together
Now we just need the systemd service (or a similar noscript for whatever init system you're on). E.g. `/etc/systemd/system/iptables.service`:
```
[Unit]
Denoscription=Restore iptables firewall rules
# pull network-pre.target in so that the Before= ordering actually takes effect
Wants=network-pre.target
Before=network-pre.target

[Service]
Type=oneshot
# keep the unit reported as active after the rules are loaded
RemainAfterExit=yes
# paths match the configuration files created above
ExecStartPre=/sbin/ip6tables-restore -n /etc/iptables/ip6tables.conf
ExecStart=/sbin/iptables-restore -n /etc/iptables/iptables.conf

[Install]
WantedBy=multi-user.target
```
Disable your current firewall service now, e.g.

```
sudo systemctl stop firewalld
sudo systemctl disable firewalld
```

Now we load, start and enable our service:

```
sudo systemctl daemon-reload
sudo systemctl start iptables
sudo systemctl enable iptables
```

For every firewall change you want to perform, change iptables.conf and ip6tables.conf and restart your iptables service:

```
sudo systemctl restart iptables
```

Nothing will break on any reloads or restarts. Docker service restarts, iptables service restarts, container runs etc., it will stay the way you configured it.
I hope this helps you in setting this up as much as the article helped me. And now I'll try to find out how the f%#* libvirt firewall rules are put together...
https://redd.it/g1oi2a
@r_linux
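The post remarks that the shared part of the two rulesets could be automated. As an added example (not the poster's code and not from either linked article), the POSIX shell noscript below renders both files from a single allow-list: the Docker-specific DOCKER-USER/FILTERS plumbing is emitted only in the IPv4 file, FORWARD is left untouched for Docker, and a rule with an explicit source address lands only in the file of that address family, so an IPv6 admin address never ends up in the IPv4 ruleset where ip6tables-restore would not see it. The interface name eth0, the ports and the source addresses 203.0.113.10 and 2001:db8::10 are constructed assumptions for the example.

```sh
#!/bin/sh
# Added example: render iptables.conf and ip6tables.conf from one shared allow-list.
# Not the post's own code. Assumptions (constructed for the example): the external
# interface is eth0, SSH listens on 22, the admin hosts are 203.0.113.10 (IPv4)
# and 2001:db8::10 (IPv6), and 80/443 are the public web ports.
set -eu

EXT_IF="${EXT_IF:-eth0}"

# Shared policy, one rule per line: "proto port [source/prefix]".
# A rule without a source is emitted for both address families; a rule with a
# source is emitted only in the ruleset of that source's address family.
POLICY='tcp 22 203.0.113.10/32
tcp 22 2001:db8::10/128
tcp 80
tcp 443'

# emit_allow CHAIN FAMILY: print the NEW-connection accept rules for one family (4 or 6)
emit_allow() {
  chain=$1
  family=$2
  printf '%s\n' "$POLICY" | while read -r proto port src; do
    [ -n "$proto" ] || continue
    if [ -n "$src" ]; then
      case "$family:$src" in
        4:*:*) continue ;;   # IPv6 source (contains a colon): not for the IPv4 file
        6:*.*) continue ;;   # IPv4 source (contains a dot): not for the IPv6 file
      esac
      printf -- '-A %s -m conntrack --ctstate NEW -s %s -p %s -m %s --dport %s -j ACCEPT\n' \
        "$chain" "$src" "$proto" "$proto" "$port"
    else
      printf -- '-A %s -m conntrack --ctstate NEW -p %s -m %s --dport %s -j ACCEPT\n' \
        "$chain" "$proto" "$proto" "$port"
    fi
  done
}

# gen_v4: IPv4 ruleset. Host traffic (INPUT) and traffic forwarded to containers
# (DOCKER-USER, only for packets arriving on the external interface) both land in
# FILTERS; FORWARD itself is left to Docker and is not flushed.
gen_v4() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FILTERS - [0:0]
:DOCKER-USER - [0:0]
-F INPUT
-F DOCKER-USER
-F FILTERS
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j FILTERS
-A DOCKER-USER -i $EXT_IF -j FILTERS
-A FILTERS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$(emit_allow FILTERS 4)
-A FILTERS -j DROP
COMMIT
EOF
}

# gen_v6: IPv6 ruleset. Docker does not touch ip6tables in this setup, so everything
# is filtered in INPUT and the DROP policy catches the rest.
gen_v6() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-F INPUT
-F FORWARD
-F OUTPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$(emit_allow INPUT 6)
COMMIT
EOF
}

# write_rulesets DIR: write both files and, when run as root with iptables installed,
# parse-check them with --test (builds the ruleset without committing it).
write_rulesets() {
  dir=$1
  mkdir -p "$dir"
  gen_v4 > "$dir/iptables.conf"
  gen_v6 > "$dir/ip6tables.conf"
  if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
    iptables-restore --test "$dir/iptables.conf"
    ip6tables-restore --test "$dir/ip6tables.conf"
  fi
}

# Usage: sh gen-firewall.sh write /etc/iptables   (then: systemctl restart iptables)
if [ "${1:-}" = "write" ]; then
  write_rulesets "${2:-/etc/iptables}"
fi
```

Run it as root with `write` to regenerate both files in one go, then restart the unit from the post; the `--test` pass catches a typo in a rule before `iptables-restore -n` would fail halfway through a reload and leave the chains half populated.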