[10:18:04] <XioNoX>	 "At this time we believe the impact to be related to lightning strikes in the Charlotte area hitting OPGW fiber and causing a fast polarization event."
[10:26:26] <vgutierrez>	 /o\
[10:26:36] <vgutierrez>	 the gods are sending us signals
[15:01:59] <chaomodus>	 why did we ever give those guys lightning
[16:32:01] <mutante>	 do we still use iptables on buster? since i upgraded my laptop to buster now i realized ..oh right.. it is using nftables now instead of iptables.. but you can switch between them with update-alternatives
[16:32:43] <mutante>	 wiki.nftables.org seems down .. good start
[16:32:48] <mutante>	 # update-alternatives --set iptables /usr/sbin/iptables-legacy
[16:33:32] <mutante>	 and yea, i remember we had i believe Arturo's ticket about that since a while ago
[16:33:50] <mutante>	 yes https://phabricator.wikimedia.org/T187994
[16:42:46] <bd808>	 I think a.rturo would be pretty excited to help evaluate and plan a migration to nftables
[16:44:52] <mutante>	 alright, i'll start with a fresh ticket comment how things may have changed meanwhile
[16:53:01] <chaomodus>	 does ferm support nftables
[17:03:14] <mutante>	 as a.rturo said before we would probably end up with "ferm -> iptables -> nftables"
[17:03:20] <mutante>	 which might not make a lot of sense
[17:03:30] <mutante>	 iptables would use nftables in the background
[17:04:00] <mutante>	 hmm https://github.com/MaxKellermann/ferm/issues/35
[17:04:18] <mutante>	 this guy says " nftables copies many of ferm's ideas, which makes ferm obsolete in my opinion."
[17:05:28] <mutante>	 maybe the question is instead if puppet will support nftables
[17:08:55] <mutante>	 https://forge.puppet.com/puppetlabs/firewall/changelog
[17:12:59] <chaomodus>	 Mh yah
[17:13:15] <chaomodus>	 that makes sense
[17:13:21] <chaomodus>	 it seems to copy some of the concepts
[21:45:46] <cdanis>	 made some changes to the overall document, but mostly added this section: https://wikitech.wikimedia.org/wiki/Incident_response#When_complexity_demands_explicit_coordination:_incident_coordinators
[21:46:04] <cdanis>	 basically what the google doc we talked about at Dublin said, but it's on the wiki now
[22:38:55] <paravoid>	 mutante: in buster there is even less of a reason to switch to nftables
[22:39:58] <paravoid>	 as there is a CLI that remains the same but using nft
[22:48:12] <paravoid>	 (responded on task)
[23:05:41] <mutante>	 paravoid: i was aware that the userspace tool is separate from the kernel subsystem, i just thought we might want to avoid the "ferm -> iptables -> nf_tables" situation per previous comment on the ticket "(we) might end using ferm->iptables->nf_tables, which doesn't make a lot of sense to me". and it was in response to "we can discuss further when Debian Buster is released (and we start using
[23:05:47] <mutante>	 it).". but i get it, little benefit to switch, alright