From 6e493c9131bfd9ac2c2ca310220a6bd9c660d5e6 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 30 Apr 2023 18:42:08 -0400
Subject: [PATCH] network/tasks/install.yml: Clarify 4 sysctl vars
---
 roles/network/tasks/install.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml
index c41f88a09..bb8b9592f 100644
--- a/roles/network/tasks/install.yml
+++ b/roles/network/tasks/install.yml
@@ -55,11 +55,11 @@
 name: "{{ item.name }}"
 value: "{{ item.value }}"
 with_items:
- - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet; Default: 0
- - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2
- - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1
- #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020
- - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled; Default: 0
+ - { name: 'net.ipv4.ip_forward', value: '1' } # Default: 0. Masquerading LAN->Internet
+ - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter)
+ - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router); Default: 1
+ #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020
+ - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6
 #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET
 #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE
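Review bot: The new comments on `net.ipv4.conf.default.rp_filter` and `net.ipv4.conf.default.accept_source_route` read as if spoof protection and source-route rejection are in force, but `conf.default.*` only seeds interfaces created after the value is written; interfaces that already exist keep their own setting unless the matching `net.ipv4.conf.all.*` key is set as well, which this hunk does not show. Consider adding `- { name: 'net.ipv4.conf.all.rp_filter', value: '1' }` and `- { name: 'net.ipv4.conf.all.accept_source_route', value: '0' }`, or state in the comments that only newly created interfaces are covered. The accept_source_route comment also carries `Default: 1` at both ends, and "we are not a router" contradicts `net.ipv4.ip_forward` being set to 1 two entries above; `# Default: 1. Drop IP source-routed packets` would be accurate. The task and its `with_items` list begin before and may continue past this hunk, so an `all.*` entry could exist outside the visible lines.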