Skip to content

Commit

Permalink
improved logic for ipv6
Browse files Browse the repository at this point in the history 
Signed-off-by: Mark Bolwell <[email protected]>
  • Loading branch information
@uk-bolly
uk-bolly committed Feb 12, 2024
1 parent bdc207b commit e0cc496
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions tasks/section_3/cis_3.3.x.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,9 @@
state: present
reload: true
ignoreerrors: true
when: debian11cis_ipv6_disable == 'sysctl'
when:
- debian11cis_ipv6_required
- debian11cis_ipv6_disable == 'sysctl'
with_items:
- net.ipv6.conf.all.accept_source_route
- net.ipv6.conf.default.accept_source_route
Expand Down Expand Up @@ -67,7 +69,9 @@
state: present
reload: true
ignoreerrors: true
when: debian11cis_ipv6_disable == 'sysctl'
when:
- debian11cis_ipv6_required
- debian11cis_ipv6_disable == 'sysctl'
with_items:
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects
Expand Down Expand Up @@ -232,6 +236,7 @@
- net.ipv6.conf.default.accept_ra
notify: Flush ipv6 route table
when:
- debian11cis_ipv6_required
- debian11cis_rule_3_3_9
tags:
- level1-server
Expand Down

0 comments on commit e0cc496

Please sign in to comment.