9 changed files with 22 additions and 23 deletions
@ -1,12 +0,0 @@
|
||||
# IPv6 Privacy Extensions (RFC 4941) |
||||
# --- |
||||
# IPv6 typically uses a device's MAC address when choosing an IPv6 address |
||||
# to use in autoconfiguration. Privacy extensions allow using a randomly |
||||
# generated IPv6 address, which increases privacy. |
||||
# |
||||
# Acceptable values: |
||||
# 0 - don’t use privacy extensions. |
||||
# 1 - generate privacy addresses |
||||
# 2 - prefer privacy addresses and use them over the normal addresses. |
||||
net.ipv6.conf.all.use_tempaddr = 0 |
||||
net.ipv6.conf.default.use_tempaddr = 0 |
||||
@ -1,9 +0,0 @@
|
||||
- name: copy over ipv6 kernel configs |
||||
copy: src={{ item.src }} dest={{ item.dest }} |
||||
with_items: |
||||
- { src: '10-ipv6-privacy.conf', dest: '/etc/sysctl.d/10-ipv6-privacy.conf' } |
||||
|
||||
- name: Template disable ra |
||||
template: src={{ item.src }} dest={{ item.dest }} |
||||
with_items: |
||||
- { src: '10-ipv6-disable-ra.conf', dest: '/etc/sysctl.d/10-ipv6-disable-ra.conf' } |
||||
@ -0,0 +1,11 @@
|
||||
# Disable autoconf |
||||
net.ipv6.conf.all.autoconf=0 |
||||
net.ipv6.conf.default.autoconf=0 |
||||
|
||||
# Stop accepting router advertisments |
||||
net.ipv6.conf.all.accept_ra=0 |
||||
net.ipv6.conf.default.accept_ra=0 |
||||
|
||||
# Do not use temporary addresses |
||||
net.ipv6.conf.all.use_tempaddr=0 |
||||
net.ipv6.conf.default.use_tempaddr=0 |
||||
@ -0,0 +1,7 @@
|
||||
- name: copy over ipv6 kernel configuration |
||||
copy: src={{ item.src }} dest={{ item.dest }} |
||||
with_items: |
||||
- { src: '10-ipv6.conf', dest: '/etc/sysctl.d/10-ipv6.conf' } |
||||
|
||||
- name: update ipv6 kernel configuration |
||||
command: 'sysctl -w net.ipv6.conf.all.autoconf=0 net.ipv6.conf.default.autoconf=0 net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0 net.ipv6.conf.all.use_tempaddr=0 net.ipv6.conf.default.use_tempaddr=0' |
||||
Loading…
Reference in new issue