From 613204d9fa34908571842f976c6027fd7a53e82d Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 7 Dec 2025 14:19:24 -0500
Subject: [PATCH] Enable ipv6 cluster in the firewall.

---
 ansible/roles/firewall/files/mrmanager_pf.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf
index 816b29b..064ce12 100644
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@@ -69,6 +69,7 @@ pass quick on $allow
 # Single interface kubernetes cluster is working with the following run on mrmanager:
 # doas route add -host 74.80.180.139 -interface jail_nat
 # doas route add -net 10.129.0.0/16 -interface jail_nat
+# ? doas route -6 add -net '2620:11f:7001:7:ffff:ffff:0ad7:0100/120' -interface jail_nat
 # doas sysctl net.link.ether.inet.proxyall=1
 # Plus this in pf.conf:
 # pass quick from any to 74.80.180.139
@@ -78,6 +79,10 @@ pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from (jail_nat:network)
+#pass quick in on $ext_if proto {tcp6, udp6} from any to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
+pass in quick on $ext_if from any to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
+pass out quick on jail_nat to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
+
 pass in on $ext_if proto tcp to any port $tcp_pass_in
 pass in on $ext_if proto udp to any port $udp_pass_in
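Review bot: The added `pass in quick on $ext_if from any to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120` has no `proto` or `port` restriction, and because of `quick` it is decided before the `$tcp_pass_in`/`$udp_pass_in` rules that follow, so every address in the /120 accepts any protocol and port from any source on the external interface. If only specific services are meant to be exposed, scope the rule, for example `pass in quick on $ext_if inet6 proto tcp from any to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120 port $tcp_pass_in`, keeping ICMPv6 allowed if the cluster depends on it; whether the existing port macros are the right set for the cluster is not visible in this hunk. The commented-out variant would not load as written, since pf selects the family with `inet6` and names the protocols `tcp` and `udp`, not `tcp6`/`udp6`. If the wide-open rule is intentional, a one-line comment above it saying so, and a macro for the prefix that is now written out three times, would keep the intent and the two rules in sync.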