From 6c4d7d31e4ca97d9958430046424f4dcdfede967 Mon Sep 17 00:00:00 2001 From: Jordi Prats Date: Wed, 29 May 2019 09:57:08 +0200 Subject: [PATCH 1/2] ipv6 accept_redirects --- CHANGELOG.md | 6 ++++++ manifests/init.pp | 2 ++ metadata.json | 2 +- templates/sysctlbase.erb | 4 ++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 72f2e86..b5064df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # CHANGELOG +## 0.3.6 + +* added **IPv6** settings: + - ipv6_all_accept_redirects + - ipv6_default_accept_redirects + ## 0.3.5 * added support for SLES 11.4 diff --git a/manifests/init.pp b/manifests/init.pp index 1e9d3a7..38243b5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -36,6 +36,8 @@ $ipv4_default_secure_redirects = false, $ipv4_all_send_redirects = false, $ipv4_default_send_redirects = false, + $ipv6_all_accept_redirects = false, + $ipv6_default_accept_redirects = false, ) inherits sysctl::params { Exec{ diff --git a/metadata.json b/metadata.json index bc0431e..c2ef5db 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "eyp-sysctl", - "version": "0.3.5", + "version": "0.3.6", "author": "eyp", "summary": "configure and manage sysctl", "license": "Apache-2.0", diff --git a/templates/sysctlbase.erb b/templates/sysctlbase.erb index 2374dfb..e14469e 100644 --- a/templates/sysctlbase.erb +++ b/templates/sysctlbase.erb @@ -52,6 +52,10 @@ net.ipv4.conf.default.secure_redirects = <%= scope.function_bool2number([@ipv4_d net.ipv4.conf.all.send_redirects = <%= scope.function_bool2number([@ipv4_all_send_redirects]) %> net.ipv4.conf.default.send_redirects = <%= scope.function_bool2number([@ipv4_default_send_redirects]) %> +# ipv6 +net.ipv6.conf.all.accept_redirects = <%= scope.function_bool2number([@ipv6_all_accept_redirects]) %> +net.ipv6.conf.default.accept_redirects = <%= scope.function_bool2number([@ipv6_default_accept_redirects]) %> + # Restrict core dumps fs.suid_dumpable = <%= scope.function_bool2number([@suid_dumpable]) %> From 40c363c40342062f0f09156ca2b6f35168c8e362 Mon Sep 17 00:00:00 2001 From: Jordi Prats Date: Wed, 29 May 2019 10:06:43 +0200 Subject: [PATCH 2/2] =?UTF-8?q?m=C3=A9s=20default=20settings?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 ++ manifests/init.pp | 2 ++ templates/sysctlbase.erb | 7 ++++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b5064df..27c2ea9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ * added **IPv6** settings: - ipv6_all_accept_redirects - ipv6_default_accept_redirects + - ipv6_conf_all_accept_ra + - ipv6_conf_default_accept_ra ## 0.3.5 diff --git a/manifests/init.pp b/manifests/init.pp index 38243b5..6f1af1c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -38,6 +38,8 @@ $ipv4_default_send_redirects = false, $ipv6_all_accept_redirects = false, $ipv6_default_accept_redirects = false, + $ipv6_conf_all_accept_ra = undef, + $ipv6_conf_default_accept_ra = undef, ) inherits sysctl::params { Exec{ diff --git a/templates/sysctlbase.erb b/templates/sysctlbase.erb index e14469e..a33e466 100644 --- a/templates/sysctlbase.erb +++ b/templates/sysctlbase.erb @@ -55,7 +55,12 @@ net.ipv4.conf.default.send_redirects = <%= scope.function_bool2number([@ipv4_def # ipv6 net.ipv6.conf.all.accept_redirects = <%= scope.function_bool2number([@ipv6_all_accept_redirects]) %> net.ipv6.conf.default.accept_redirects = <%= scope.function_bool2number([@ipv6_default_accept_redirects]) %> - +<% if defined?(@ipv6_conf_all_accept_ra) -%> +net.ipv6.conf.all.accept_ra = <%= @ipv6_conf_all_accept_ra %> +<% end -%> +<% if defined?(@ipv6_conf_default_accept_ra) -%> +net.ipv6.conf.default.accept_ra = <%= @ipv6_conf_default_accept_ra %> +<% end -%> # Restrict core dumps fs.suid_dumpable = <%= scope.function_bool2number([@suid_dumpable]) %>