---
# Install the nftables package through apk, refreshing the package index
# first (update_cache).
# NOTE(review): this task only installs the package. Nothing in this file
# loads a ruleset or enables the nftables service, while a later task here
# turns on IPv4 forwarding. Confirm the forward-chain policy is deployed
# elsewhere before this host starts routing.
- name: "routing - install nftables"
  community.general.apk:
    update_cache: true
    state: "present"
    name:
      - "nftables"
# Persist IPv4 forwarding for all interfaces in /etc/sysctl.conf.
# NOTE(review): reload is false and sysctl_set is not given, so the module
# presumably only edits the file; the running kernel keeps its current
# value until the file is next loaded (e.g. at boot). Confirm that is
# intended, and that filtering rules are in place by the time it applies.
- name: "routing - configure ipv4 forwarding"
  ansible.posix.sysctl:
    sysctl_file: "/etc/sysctl.conf"
    name: "net.ipv4.conf.all.forwarding"
    value: "1"
    state: "present"
    reload: false
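# Persist ICMP-redirect and source-routing hardening in /etc/sysctl.conf,
# one sysctl key per loop item.
# NOTE(review): reload is false and sysctl_set is not given, so these values
# presumably take effect only when the file is next loaded (e.g. at boot);
# until then the running kernel keeps its current settings. Confirm.
- name: "routing - disable ipv4 redirects and source routing"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: "present"
    sysctl_file: "/etc/sysctl.conf"
    reload: false
  loop:
    - name: "net.ipv4.conf.all.accept_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.send_redirects"
      value: "0"
    # The kernel sends redirects on an interface when either conf.all or the
    # interface's own send_redirects is 1, so conf.all=0 alone leaves the
    # behaviour on. conf.default seeds interfaces created after it is set;
    # interfaces that already exist keep their own value and may also need
    # a per-interface key.
    - name: "net.ipv4.conf.default.send_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.accept_source_route"
      value: "0"
    # NOTE(review): 0 keeps martian-packet logging off, which is unrelated
    # to the task name and removes a signal for spoofed or misrouted
    # traffic. Common hardening baselines set this to 1; confirm that 0 is
    # a deliberate choice (e.g. log noise on a router).
    - name: "net.ipv4.conf.all.log_martians"
      value: "0"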