[sysctl-fowarding] Enable IP forwarding on routers

2020-08-16 10:09:29 +02:00 · 2020-08-16 10:09:29 +02:00 · 3b305d4866
parent 53b098e3fb
commit 3b305d4866
3 changed files with 16 additions and 1 deletions
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@ -1,9 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy iproute2 config file
+# Deploy iproute2 and sysctl config files
 - hosts: crans_routeurs
  roles:
    - iproute2
+    - sysctl-forwarding

 # Deploy firewall
 - hosts: crans_routeurs
--- a/roles/sysctl-forwarding/tasks/main.yml
+++ b/roles/sysctl-forwarding/tasks/main.yml
@ -0,0 +1,5 @@
+---
+- name: Deploy sysctl configuration
+  template:
+    src: sysctl.d/10-forwarding.conf.j2
+    dest: /etc/sysctl.d/10-forwarding.conf
--- a/roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2
+++ b/roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2
@ -0,0 +1,9 @@
+{{ ansible_header | comment }}
+
+# Enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1