From 6691410f945719e62601c3d69d9b2ff9c4cfb4fb Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 4 Jan 2024 12:59:39 +0100
Subject: Base system.

---
 tasks/sysctl.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 tasks/sysctl.yml

(limited to 'tasks/sysctl.yml')

diff --git a/tasks/sysctl.yml b/tasks/sysctl.yml
new file mode 100644
index 0000000..0f0a985
--- /dev/null
+++ b/tasks/sysctl.yml
@@ -0,0 +1,22 @@
+- name: Configure network-related sysctl.conf(5).
+  sysctl: name={{ item.key }} value={{ item.val }}
+          sysctl_file=/etc/sysctl.d/network.conf reload=true
+  with_items:
+    - { key: net.ipv4.tcp_timestamps,                   val: 0  }
+    - { key: net.ipv4.conf.default.accept_source_route, val: 0  }
+    - { key: net.ipv4.conf.default.send_redirects,      val: 0  }
+    - { key: net.ipv4.conf.all.accept_source_route,     val: 0  }
+    - { key: net.ipv4.conf.all.send_redirects,          val: 0  }
+    - { key: net.ipv6.conf.default.autoconf,            val: 0  }
+    - { key: net.ipv6.conf.default.accept_ra,           val: 0  }
+    - { key: net.ipv6.conf.default.accept_ra_defrtr,    val: 0  }
+    - { key: net.ipv6.conf.default.accept_ra_rtr_pref,  val: 0  }
+    - { key: net.ipv6.conf.default.accept_ra_pinfo,     val: 0  }
+    - { key: net.ipv6.conf.default.accept_source_route, val: 0  }
+    - { key: net.ipv6.conf.all.autoconf,                val: 0  }
+    - { key: net.ipv6.conf.all.accept_ra,               val: 0  }
+    - { key: net.ipv6.conf.all.accept_ra_defrtr,        val: 0  }
+    - { key: net.ipv6.conf.all.accept_ra_rtr_pref,      val: 0  }
+    - { key: net.ipv6.conf.all.accept_ra_pinfo,         val: 0  }
+    - { key: net.ipv6.conf.all.accept_source_route,     val: 0  }
+    - { key: net.ipv6.conf.all.accept_redirects,        val: 0  }
-- 
cgit v1.2.3