Skip to content

Commit

Permalink
ignore RAs on Ipv6
Browse files Browse the repository at this point in the history 
See: https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
  • Loading branch information
Sebastian Gumprich committed May 28, 2015
1 parent 3dce747 commit ba6db6e
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions roles/ansible-os-hardening/tasks/sysctl.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,12 @@
sysctl: name='net.ipv6.conf.all.forwarding' value=1 sysctl_set=yes state=present reload=yes ignoreerrors=yes
when: os_network_forwarding and os_network_ipv6_enable

- name: ignore RAs on Ipv6
sysctl: name='net.ipv6.conf.all.accept_ra' value=0 sysctl_set=yes state=present reload=yes ignoreerrors=yes

- name: ignore RAs on Ipv6
sysctl: name='net.ipv6.conf.default.accept_ra' value=0 sysctl_set=yes state=present reload=yes ignoreerrors=yes

- name: Enable RFC-recommended source validation feature.
sysctl: name='net.ipv4.conf.all.rp_filter' value=1 sysctl_set=yes state=present reload=yes ignoreerrors=yes

Expand Down

0 comments on commit ba6db6e

Please sign in to comment.