diff --git a/ansible/environments/laptop/host_vars/odofreebsd b/ansible/environments/laptop/host_vars/odofreebsd
index 6be197c..322d499 100644
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@@ -9,6 +9,7 @@ pf_config: "odofreebsd_pf.conf"
 pflog_conf:
  - name: 0
    dev: pflog0
+prefer_ipv6: true
 dummynet_config: "dnctl.conf"
 network_rc: "odofreebsd_network.conf"
 rc_conf: "odofreebsd_rc.conf"
@@ -41,6 +42,7 @@ users:
 devfs_rules: "odo_devfs.rules"
 jail_zfs_dataset: zroot/freebsd/current/jails
 jail_zfs_dataset_mountpoint: /jail
+jail_canmount: "on"
 jail_list:
   - name: nat_dhcp
     enabled: true
diff --git a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
index b95e55a..c1bb261 100644
--- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
+++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
@@ -105,7 +105,8 @@ function start_vm {
     local bridge_name="$BRIDGE_NAME"
     local ip_range="$IP_RANGE" # for raw this value does not matter
 
-    local mac_address=$(calculate_mac_address "$name")
+    local mac_address
+    mac_address=$(calculate_mac_address "$name")
 
     local additional_args=()
 
@@ -245,7 +246,8 @@ function ng_exists {
 
 function calculate_mac_address {
     local name="$1"
-    local source=$(md5 -r -s "$name" | awk '{print $1}')
+    local source
+    source=$(md5 -r -s "$name" | awk '{print $1}')
     echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
 }
 
diff --git a/ansible/roles/firefox/defaults/main.yaml b/ansible/roles/firefox/defaults/main.yaml
index fca1a5d..a928558 100644
--- a/ansible/roles/firefox/defaults/main.yaml
+++ b/ansible/roles/firefox/defaults/main.yaml
@@ -13,3 +13,11 @@ firefox_config:
   browser.newtabpage.activity-stream.feeds.section.topstories: false
   browser.newtabpage.pinned: "[]"
   browser.newtabpage.activity-stream.section.highlights.includePocket: false
+  # Disable cache when devtools are open.
+  devtools.cache.disabled: true
+  # Do not track header.
+  privacy.donottrackheader.enabled: true
+  # Tell websites not to share or sell my data.
+  privacy.globalprivacycontrol.enabled: true
+  # Disable "studies" (slice testing)
+  app.shield.optoutstudies.enabled: false
diff --git a/ansible/roles/jail/files/jail_netgraph_bridge.bash b/ansible/roles/jail/files/jail_netgraph_bridge.bash
index 70b9992..68348ee 100644
--- a/ansible/roles/jail/files/jail_netgraph_bridge.bash
+++ b/ansible/roles/jail/files/jail_netgraph_bridge.bash
@@ -23,11 +23,15 @@ function start_jail {
     jail_interface_name=$(sanitize_interface_name "$2")
     ip_range="$3"
 
+    local mac_address
+    mac_address=$(calculate_mac_address "$jail_interface_name")
+
     assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
 
     bridge_link_name=$(detect_available_link "${bridge_name}")
     ngctl -d -f - <<EOF
 mkpeer ${bridge_name}: eiface $bridge_link_name ether
+msg ${bridge_name}:$bridge_link_name set $mac_address
 name ${bridge_name}:$bridge_link_name $jail_interface_name
 EOF
     ifconfig $(ngctl msg "${jail_interface_name}:" getifname | grep Args | cut -d '"' -f 2) name "${jail_interface_name}" up
@@ -121,4 +125,11 @@ function sanitize_interface_name {
     echo "${1:0:15}"
 }
 
+function calculate_mac_address {
+    local name="$1"
+    local source
+    source=$(md5 -r -s "$name" | awk '{print $1}')
+    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
+}
+
 main "${@}"
diff --git a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
index 9a42389..e52d0d5 100644
--- a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
+++ b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
@@ -80,13 +80,13 @@
                         "ip-address": "10.215.1.215"
                     },
                     {
-                        // sftp
-                        "hw-address": "58:9c:fc:10:ff:ab",
+                        // sftp - hard-coded in rc.conf, reproduced here to reserve ip
+                        "hw-address": "06:7b:e0:08:16:5d",
                         "ip-address": "10.215.1.216"
                     },
                     {
-                        // bastion
-                        "hw-address": "58:9c:fc:10:ff:a2",
+                        // bastion - hard-coded in rc.conf, reproduced here to reserve ip
+                        "hw-address": "06:ca:1a:10:74:09",
                         "ip-address": "10.215.1.217"
                     }
                 ]
diff --git a/ansible/roles/network/defaults/main.yaml b/ansible/roles/network/defaults/main.yaml
new file mode 100644
index 0000000..de26582
--- /dev/null
+++ b/ansible/roles/network/defaults/main.yaml
@@ -0,0 +1 @@
+prefer_ipv6: false
diff --git a/ansible/roles/network/files/odofreebsd_network.conf b/ansible/roles/network/files/odofreebsd_network.conf
index c3937c0..c80ac42 100644
--- a/ansible/roles/network/files/odofreebsd_network.conf
+++ b/ansible/roles/network/files/odofreebsd_network.conf
@@ -1,3 +1,4 @@
 wlans_iwlwifi0="wlan0"
 ifconfig_wlan0="WPA DHCP"
 ifconfig_wlan0_ipv6="inet6 accept_rtadv"
+ipv6_cpe_wanif="wlan0"
diff --git a/ansible/roles/network/tasks/freebsd.yaml b/ansible/roles/network/tasks/freebsd.yaml
index 7b1434a..3ebab83 100644
--- a/ansible/roles/network/tasks/freebsd.yaml
+++ b/ansible/roles/network/tasks/freebsd.yaml
@@ -42,8 +42,6 @@
     state: present
     sysctl_file: "/etc/sysctl.conf.local"
   loop:
-    - name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC)
-      value: "1"
     - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
       value: "1"
     - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
@@ -58,3 +56,20 @@
     group: wheel
   loop:
     - local_unbound
+
+- name: Prefer ipv6
+  when: prefer_ipv6
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+    sysctl_file: "/etc/rc.conf.d/ip6addrctl"
+  loop:
+    - name: ip6addrctl_policy
+      value: "ipv6_prefer"
+
+- name: Don't Prefer ipv6
+  when: not prefer_ipv6
+  file:
+    path: "/etc/rc.conf.d/ip6addrctl"
+    state: absent
diff --git a/ansible/roles/vscode/files/settings.json b/ansible/roles/vscode/files/settings.json
index 1ef45d8..d7f3f06 100644
--- a/ansible/roles/vscode/files/settings.json
+++ b/ansible/roles/vscode/files/settings.json
@@ -33,5 +33,6 @@
   },
   "black-formatter.importStrategy": "fromEnvironment",
   "workbench.statusBar.visible": false,
-  "git.openRepositoryInParentFolders": "never"
+  "git.openRepositoryInParentFolders": "never",
+  "files.autoSave": "afterDelay"
 }