Enable ipv6 cluster in the firewall.

2025-12-07 14:19:24 -05:00 · 2025-12-07 14:19:24 -05:00 · 613204d9fa
commit 613204d9fa
parent c23a99bd41
1 changed files with 5 additions and 0 deletions
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@ -69,6 +69,7 @@ pass quick on $allow
 # Single interface kubernetes cluster is working with the following run on mrmanager:
 #   doas route add -host 74.80.180.139 -interface jail_nat
 #   doas route add -net 10.129.0.0/16 -interface jail_nat
+#   ? doas route -6 add -net '2620:11f:7001:7:ffff:ffff:0ad7:0100/120' -interface jail_nat
 #   doas sysctl net.link.ether.inet.proxyall=1
 # Plus this in pf.conf:
 #   pass quick from any to 74.80.180.139
@ -78,6 +79,10 @@ pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from (jail_nat:network)

+#pass quick in on $ext_if proto {tcp6, udp6} from any to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
+pass in quick on $ext_if from any to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
+pass out quick on jail_nat to 2620:11f:7001:7:ffff:ffff:0ad7:0100/120
+

 pass in on $ext_if proto tcp to any port $tcp_pass_in
 pass in on $ext_if proto udp to any port $udp_pass_in