Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

ignore RAs on Ipv6

Browse source 
See: https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
This commit is contained in:
Sebastian Gumprich 2015-05-28 18:48:33 +00:00 committed by Christoph Hartmann
parent e3ff097a51
commit 1782dbf3fa
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/ansible-os-hardening/tasks/sysctl.yml
View file

@ -13,6 +13,12 @@
sysctl: name='net.ipv6.conf.all.forwarding' value=1 sysctl_set=yes state=present reload=yes ignoreerrors=yes
when: os_network_forwarding and os_network_ipv6_enable
- name: ignore RAs on Ipv6
sysctl: name='net.ipv6.conf.all.accept_ra' value=0 sysctl_set=yes state=present reload=yes ignoreerrors=yes
- name: ignore RAs on Ipv6
sysctl: name='net.ipv6.conf.default.accept_ra' value=0 sysctl_set=yes state=present reload=yes ignoreerrors=yes
- name: Enable RFC-recommended source validation feature.
sysctl: name='net.ipv4.conf.all.rp_filter' value=1 sysctl_set=yes state=present reload=yes ignoreerrors=yes