talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Enable ipv6 cluster in the firewall.

Browse Source
This commit is contained in:
Tom Alexander 2025-12-07 14:19:24 -05:00
parent c23a99bd41
commit 613204d9fa
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ansible/roles/firewall/files/mrmanager_pf.conf
View File

@ -69,6 +69,7 @@ pass quick on $allow
# Single interface kubernetes cluster is working with the following run on mrmanager: # Single interface kubernetes cluster is working with the following run on mrmanager:
# doas route add -host 74.80.180.139 -interface jail_nat # doas route add -host 74.80.180.139 -interface jail_nat
# doas route add -net 10.129.0.0/16 -interface jail_nat # doas route add -net 10.129.0.0/16 -interface jail_nat
# ? doas route -6 add -net '2620:11f:7001:7:ffff:ffff:0ad7:0100/120' -interface jail_nat
# doas sysctl net.link.ether.inet.proxyall=1 # doas sysctl net.link.ether.inet.proxyall=1
# Plus this in pf.conf: # Plus this in pf.conf:
# pass quick from any to 74.80.180.139 # pass quick from any to 74.80.180.139
@ -78,6 +79,10 @@ pass in on jail_nat
# Allow traffic from my machine to the jails/virtual machines # Allow traffic from my machine to the jails/virtual machines
pass out on jail_nat from (jail_nat:network) pass out on jail_nat from (jail_nat:network)
#pass quick in on $ext_if proto {tcp6, udp6} from any to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
pass in quick on $ext_if from any to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
pass out quick on jail_nat to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
pass in on $ext_if proto tcp to any port $tcp_pass_in pass in on $ext_if proto tcp to any port $tcp_pass_in
pass in on $ext_if proto udp to any port $udp_pass_in pass in on $ext_if proto udp to any port $udp_pass_in