Update for rebuild of mrmanager.

ansible/roles/firewall/files/mrmanager_pf.conf

@@ -3,7 +3,7 @@ not_ext_if = "{ !lagg0 }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
 # pub_k8s = "{ 74.80.180.136/29, !74.80.180.138 }"
-pub_k8s = "{ 74.80.180.137, 74.80.180.139, 74.80.180.140, 74.80.180.141, 74.80.180.142 }"
+pub_k8s = "{ 74.80.180.137, 74.80.180.139, 74.80.180.140, 74.80.180.141, 74.80.180.142, 2620:11f:7001:7:ffff:dddd::/112 }"
 
 dhcp = "{ bootpc, bootps }"
 allow = "{ colo }"
@@ -35,6 +35,7 @@ scrub in on $ext_if all fragment reassemble
 # redirections
 nat on $ext_if inet from ! ($ext_if) to ! ($ext_if) -> ($ext_if)
 rdr pass on jail_nat proto {tcp, udp} from any to 10.215.1.1 port 53 tag REDIREXTERNAL -> 1.1.1.1 port 53
+rdr pass on jail_nat proto {tcp, udp} from any to 2620:11f:7001:7:ffff:ffff:0ad7:0101 port 53 tag REDIREXTERNAL -> 2606:4700:4700::1111 port 53
 
 rdr pass on $ext_if proto {tcp, udp} to ($ext_if) port 6443 tag REDIRINTERNAL -> 10.215.1.204 port 6443
 rdr pass on jail_nat proto {tcp, udp} to ($ext_if) port 6443 tag REDIRINTERNAL -> 10.215.1.204 port 6443
@@ -69,8 +70,10 @@ pass quick on $allow
 # Single interface kubernetes cluster is working with the following run on mrmanager:
 #   doas route add -host 74.80.180.139 -interface jail_nat
 #   doas route add -net 10.129.0.0/16 -interface jail_nat
-#   ? doas route -6 add -net '2620:11f:7001:7:ffff:ffff:0ad7:0100/120' -interface jail_nat
-#   ? doas ifconfig jail_nat inet6 2620:11f:7001:7:ffff:ffff:0ad7:0101/120
+#   doas route -6 add -net '2620:11f:7001:7:ffff:ffff:0ad7:0100/120' -interface jail_nat
+#   doas route -6 add -net '2620:11f:7001:7:ffff:eeee::/96' -interface jail_nat
+#   doas route -6 add -net '2620:11f:7001:7:ffff:dddd::/112' -interface jail_nat
+#   doas ifconfig jail_nat inet6 2620:11f:7001:7:ffff:ffff:0ad7:0101/120
 #   doas sysctl net.link.ether.inet.proxyall=1
 # Plus this in pf.conf:
 #   pass quick from any to 74.80.180.139