Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Not accepting source routing for IPv6. This was already done for IPv4. (#424)

Browse source 
Signed-off-by: Farid Joubbi <farid@joubbi.se>
This commit is contained in:
Farid Joubbi 2021-03-24 07:55:29 +01:00 committed by GitHub
parent dfa89f7b47
commit d1143a06b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/os_hardening/defaults/main.yml
View file

@ -202,6 +202,8 @@ sysctl_config:
# so disable it if not needed. | sysctl-13
net.ipv4.conf.all.accept_source_route: 0
net.ipv4.conf.default.accept_source_route: 0
net.ipv6.conf.all.accept_source_route: 0
net.ipv6.conf.default.accept_source_route: 0
# For non-routers: don't send redirects.
# An attacker could use a compromised host to send invalid ICMP redirects to other