external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

network/tasks/install.yml: Clarify 4 sysctl vars

Browse source
This commit is contained in:
A Holt 2023-04-30 18:42:08 -04:00 committed by GitHub
parent d768757f7a
commit 6e493c9131
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
roles/network/tasks/install.yml
View file

@ -55,11 +55,11 @@
name: "{{ item.name }}" name: "{{ item.name }}"
value: "{{ item.value }}" value: "{{ item.value }}"
with_items: with_items:
- { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet; Default: 0 - { name: 'net.ipv4.ip_forward', value: '1' } # Default: 0. Masquerading LAN->Internet
- { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2 - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } # Default: 2. Enable Spoof protection (reverse-path filter)
- { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1 - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } # Default: 1. Do not accept IP source route packets (we are not a router); Default: 1
#- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020
- { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled; Default: 0 - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # Default: 0. Disable IPv6
#- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET
#- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE