From 1782dbf3fa25601384b408d55e819156be1e9270 Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich
Date: Thu, 28 May 2015 18:48:33 +0000
Subject: [PATCH] ignore RAs on Ipv6

See: https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
---
 roles/ansible-os-hardening/tasks/sysctl.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/ansible-os-hardening/tasks/sysctl.yml b/roles/ansible-os-hardening/tasks/sysctl.yml
index 40767fdf..c2b9d88b 100644
--- a/roles/ansible-os-hardening/tasks/sysctl.yml
+++ b/roles/ansible-os-hardening/tasks/sysctl.yml
@@ -13,6 +13,12 @@
 sysctl: name='net.ipv6.conf.all.forwarding' value=1 sysctl_set=yes state=present reload=yes ignoreerrors=yes
 when: os_network_forwarding and os_network_ipv6_enable

+- name: ignore RAs on Ipv6
+ sysctl: name='net.ipv6.conf.all.accept_ra' value=0 sysctl_set=yes state=present reload=yes ignoreerrors=yes
+
+- name: ignore RAs on Ipv6
+ sysctl: name='net.ipv6.conf.default.accept_ra' value=0 sysctl_set=yes state=present reload=yes ignoreerrors=yes
+
 - name: Enable RFC-recommended source validation feature.
 sysctl: name='net.ipv4.conf.all.rp_filter' value=1 sysctl_set=yes state=present reload=yes ignoreerrors=yes
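Review bot: The two added `accept_ra` tasks set only the `all` and `default` keys, which may leave interfaces that already exist still accepting router advertisements: on Linux `default` seeds only interfaces created afterwards, and the IPv6 `all` value is, as far as I know, not consulted per interface for `accept_ra`, so the setting may take effect only after a reboot or interface re-creation. It is worth checking `net.ipv6.conf.<interface>.accept_ra` on a converged host, and adding a comment that hosts relying on SLAAC for their addresses or default route lose them with `value=0`. Unlike the forwarding task just above (whose `- name:` line lies outside the hunk), neither new task has a `when:` condition, and with `ignoreerrors=yes` a host without IPv6 will probably skip the keys silently; if that is intended, say so with a comment such as `# applied unconditionally; ignoreerrors covers hosts without IPv6`. Both tasks also share the name `ignore RAs on Ipv6`, so distinct names, e.g. `ignore RAs on IPv6 (all)` and `ignore RAs on IPv6 (default)`, would make the play output attributable to one key.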