network/tasks/install.yml: Clarify 4 sysctl vars

2025-02-14 20:22:08 +00:00 · 2023-04-30 18:42:08 -04:00 · 2023-04-30 18:42:08 -04:00 · 6e493c9131
commit 6e493c9131
parent d768757f7a
1 changed files with 5 additions and 5 deletions
--- a/roles/network/tasks/install.yml
+++ b/roles/network/tasks/install.yml
@ -55,11 +55,11 @@
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  with_items:
-    - { name: 'net.ipv4.ip_forward', value: '1' }  # Masquerading LAN->Internet; Default: 0
-    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }                  # Default: 2
-    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }        # Default: 1
-    #- { name: 'net.ipv4.tcp_syncookies', value: '1' }  # Very standard in 2020
-    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled; Default: 0
+    - { name: 'net.ipv4.ip_forward', value: '1' }                          # Default: 0.  Masquerading LAN->Internet
+    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }              # Default: 2.  Enable Spoof protection (reverse-path filter)
+    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }    # Default: 1.  Do not accept IP source route packets (we are not a router); Default: 1
+    #- { name: 'net.ipv4.tcp_syncookies', value: '1' }               # Very standard in 2020
+    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }               # Default: 0.  Disable IPv6
    #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }    # AUTO-SET
    #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }         # BY ABOVE