From bb3c63e32123e46dd543f8b1eada5e0f617d8ef4 Mon Sep 17 00:00:00 2001
From: DonEstefan <8457107+DonEstefan@users.noreply.github.com>
Date: Wed, 30 Nov 2022 16:13:25 +0100
Subject: [PATCH] fix IPv6 hardening (#607)

Signed-off-by: DonEstefan <donestefan@users.noreply.github.com>

Signed-off-by: DonEstefan <donestefan@users.noreply.github.com>
Co-authored-by: donestefan <donestefan@users.noreply.github.com>
---
 roles/os_hardening/defaults/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/os_hardening/defaults/main.yml b/roles/os_hardening/defaults/main.yml
index 153ed49db..ed61f104f 100644
--- a/roles/os_hardening/defaults/main.yml
+++ b/roles/os_hardening/defaults/main.yml
@@ -261,6 +261,7 @@ sysctl_config:
 
   # Disable acceptance of IPv6 router solicitations messages | sysctl-21
   net.ipv6.conf.default.router_solicitations: 0
+  net.ipv6.conf.all.router_solicitations: 0
 
   # Disable Accept Router Preference from router advertisement | sysctl-22
   net.ipv6.conf.default.accept_ra_rtr_pref: 0
@@ -273,6 +274,7 @@ sysctl_config:
 
   # Disable IPv6 autoconfiguration | sysctl-26
   net.ipv6.conf.default.autoconf: 0
+  net.ipv6.conf.all.autoconf: 0
 
   # Disable neighbor solicitations to send out per address | sysctl-27
   net.ipv6.conf.default.dad_transmits: 0