From 4fe189f2488e553c385da72f5ed38d848e5e5ab8 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Tue, 28 Jun 2022 23:12:03 +0200
Subject: [PATCH] [proxy] Enable IP forwarding and ARP and NDP proxies
Signed-off-by: Yohann D'ANELLO
---
 group_vars/arpproxy.yml | 2 ++
 plays/arpproxy.yml | 1 +
 roles/arpproxy/tasks/main.yml | 22 ++++++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 roles/arpproxy/tasks/main.yml
diff --git a/group_vars/arpproxy.yml b/group_vars/arpproxy.yml
index 172e0743..f5db4b2a 100644
--- a/group_vars/arpproxy.yml
+++ b/group_vars/arpproxy.yml
@@ -9,3 +9,5 @@ glob_service_proxy:
 cron:
 frequency: "* * * * *"
 options: "--alter"
+ proto_id: 201
+ main_interface: ens18
diff --git a/plays/arpproxy.yml b/plays/arpproxy.yml
index ddc4fdd2..dc6fd820 100755
--- a/plays/arpproxy.yml
+++ b/plays/arpproxy.yml
@@ -5,3 +5,4 @@
 service: "{{ glob_service_proxy | default({}) | combine(loc_service_proxy | default({})) }}"
 roles:
 - service
+ - arpproxy
diff --git a/roles/arpproxy/tasks/main.yml b/roles/arpproxy/tasks/main.yml
new file mode 100644
index 00000000..0f514893
--- /dev/null
+++ b/roles/arpproxy/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: Register proto proxy
+ lineinfile:
+ path: /etc/iproute2/rt_protos.d/proxy.conf
+ regexp: "^\\d+ proxy$"
+ line: "{{ service.proto_id }} {{ service.config.protocol }}"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Enable IP forward and ARP and NDP proxies
+ sysctl:
+ name: "{{ item.name }}"
+ value: "1"
+ sysctl_file: "/etc/sysctl.d/{{ item.file }}.conf"
+ sysctl_set: true
+ reload: true
+ loop:
+ - {name: "net.ipv4.ip_forward", file: "10-forwarding"}
+ - {name: "net.ipv6.conf.all.forwarding", file: "10-forwarding"}
+ - {name: "net.ipv4.conf.{{ service.main_interface }}.proxy_arp", file: "11-proxy-{{ service.main_interface }}"}
+ - {name: "net.ipv6.conf.{{ service.main_interface }}.proxy_ndp", file: "11-proxy-{{ service.main_interface }}"}
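Review bot: The first two loop items of the sysctl task in roles/arpproxy/tasks/main.yml enable `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` for the whole host, while only the proxy_arp and proxy_ndp keys are scoped to `service.main_interface`, and nothing in this patch limits what is then forwarded. Unless another role applies a restrictive forward policy, the host will route between every interface it has; enabling IPv6 forwarding also makes the kernel ignore router advertisements unless `accept_ra` is 2, so a host that relies on SLAAC can lose its default route. I would add a comment above the task such as `# Makes this host a router on all interfaces; forwarded traffic must be limited by the host firewall` and confirm that such a policy is in place before this play runs. Separately, the lineinfile `regexp` hard-codes `proxy` while `line` writes `service.config.protocol` (whose value is not shown in this patch), so `regexp: "^\\d+ {{ service.config.protocol | regex_escape }}$"` would keep the match and the written line in step.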