Christopher Causer's questions

With the following setup:

#!/usr/sbin/nft -f
add table ip filter
add chain ip filter input { type filter hook input priority 0; }
add set   ip filter nat-group-1 { type ipv4_addr; }
add set   ip filter nat-group-2 { type ipv4_addr; }
add set   ip filter nat-group-3 { type ipv4_addr; }
add set   ip filter nat-group-4 { type ipv4_addr; }
add set   ip filter nat-group-5 { type ipv4_addr; }
add rule  ip filter input ip saddr @nat-group-1 tcp dport 22 drop
add table ip nat
add chain ip nat postrouting {type nat hook postrouting priority srcnat; policy accept; }
add rule  ip nat postrouting ip saddr @nat-group-1 snat to 192.168.1.0/24 persistent
add rule  ip nat postrouting ip saddr @nat-group-2 snat to 192.168.2.0/24 persistent

I get the error message

Error: No such file or directory; did you mean set ‘nat-group-1’ in table ip ‘filter’?

I do not know how to reference a set from another table. Is this possible? Suspect one can get around this issue by duplicating the set in the two tables, but the error message makes me hopeful that there is some syntax that I'm not aware of.

I will be referencing the set in both tables.

The high-level overview is this: I have an Impish Ubuntu server with two interfaces, addresses of 172.16.2.103/24 and 10.1.2.10/24. I would like default traffic to go via the gateway 172.16.2.254. However, when I specify a source address of 10.1.2.10 I want it to have a gateway of 10.1.2.254. What follows works 99% of the time, but I wish for the kernel to select the source IP 172.16.2.103 even when contacting 10.1.2.0/24. This was possible in /etc/networks/interfaces but I haven't been able to figure it out using netplan.

This is what I have in my netplan config:

network:
  ethernets:
    ens160:
      addresses:
      - 172.16.2.103/24
      routes:
      - to: 0.0.0.0/0
        via: 172.16.2.254
      nameservers:
        addresses:
        - 10.1.2.1
        search:
        - localdomain
      optional: yes
    ens192:
      addresses:
      - 10.1.2.10/24
      routing-policy:
      - from: 10.1.2.10
        table: 10
      routes:
      - to: 0.0.0.0/0
        via: 10.1.2.254
        table: 10
      optional: yes
  version: 2

As I say this works fine mostly. I have a routing-policy (aka ip rule) which means that if I change the source address of packets I look up the 10 routing table. However, there is an additional route I wish to remove from main.

This is what I have when I check out the routing tables:

IN1:  me@host:~$ ip route
OUT1: default via 172.16.2.254 dev ens160 proto static
OUT2: 172.16.2.0/24 dev ens160 proto kernel scope link src 172.16.2.103
OUT3: 10.1.2.0/24 dev ens192 proto kernel scope link src 10.1.2.10

IN2:  me@host:~$ ip route list table 10
OUT5: default via 10.1.2.254 dev ens192 proto static

I would like the OUT3 removed, or more accurately moved into the 10 routing table, so that there is no layer2 link to 10.1.2.0/24 in the main routing table. I can do it manually thus:

me@host:~$ sudo ip route del 10.1.2.0/24 dev ens192

But I cannot see how to embed that in netplan. Previously I would have added an up statement to /etc/network/interfaces but that's not an option any more.

Thanks in advance.

I have an ssh key in ssh-agent set with a lifetime of 10 minutes. I want this 10 minutes to be the time since it was last used to successfully authenticate into a host. There's nothing immediately popping out in the man pages, so I'm wondering if it's been attempted via scripts or similar elsewhere.

The driver for this is that I have a key protected with a password. When I'm at my desk SSHing here there and everywhere I want the key in the agent so I don't have to continually put in the passphrase, but I also want it to expire on inactivity, similar to a screensaver.

I'm finding the information for this quite difficult to come by, but it seems like an important feature of a RAID system: what happens immediately after a disk fails for BTRFS?

For my hardware RAID systems, I'm alerted to the fact that a disk has failed, but the system keeps running and I can hot-swap the disk without any downtime. When I tried RAID1 with BTRFS and a disk failed, the entire system crashed and I couldn't mount the system in degraded without risking making it permanently read-only. I believe this limitation is gone since Linux 4.14 but still it was anything but a slick experience.

The official BTRFS wiki does not explain what happens immediately after a complete disk failure, but there is a sentence saying you will need to mount in a degraded state. Is that not automatic?

There are SO questions about BTRFS and disk failure, but they all seem to imply you need to remount the disk after the failure event (i.e. stuff doesn't just keep running). Is it possible to keep things going while making it invisible to the services making use of the disk, like with the hardware RAIDs that I've used in the past?

Since I'm asking this question, I may as well ask: if BTRFS cannot do it, are there other options like mdadm or ZFS that do offer always-up service during disk failure?