From e0cc49683a738920e2ee83b273c2f55f5fada662 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Mon, 12 Feb 2024 15:52:22 +0000
Subject: [PATCH] improved logic for ipv6
Signed-off-by: Mark Bolwell
---
 tasks/section_3/cis_3.3.x.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tasks/section_3/cis_3.3.x.yml b/tasks/section_3/cis_3.3.x.yml
index a7e39ef..78919be 100644
--- a/tasks/section_3/cis_3.3.x.yml
+++ b/tasks/section_3/cis_3.3.x.yml
@@ -25,7 +25,9 @@
 state: present
 reload: true
 ignoreerrors: true
- when: debian11cis_ipv6_disable == 'sysctl'
+ when:
+ - debian11cis_ipv6_required
+ - debian11cis_ipv6_disable == 'sysctl'
 with_items:
 - net.ipv6.conf.all.accept_source_route
 - net.ipv6.conf.default.accept_source_route
@@ -67,7 +69,9 @@
 state: present
 reload: true
 ignoreerrors: true
- when: debian11cis_ipv6_disable == 'sysctl'
+ when:
+ - debian11cis_ipv6_required
+ - debian11cis_ipv6_disable == 'sysctl'
 with_items:
 - net.ipv6.conf.all.accept_redirects
 - net.ipv6.conf.default.accept_redirects
@@ -232,6 +236,7 @@
 - net.ipv6.conf.default.accept_ra
 notify: Flush ipv6 route table
 when:
+ - debian11cis_ipv6_required
 - debian11cis_rule_3_3_9
 tags:
 - level1-server
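Review bot: The new `when:` list in the first hunk, and the identical one in the second hunk, applies the IPv6 source-route and redirect sysctls only when IPv6 is required and `debian11cis_ipv6_disable == 'sysctl'` both hold. If `debian11cis_ipv6_disable` selects the method used to turn IPv6 off, as its name suggests, then a host that keeps IPv6 but has that variable set to any other value skips these settings silently and is left with the kernel defaults. I would confirm the intent: if the hardening should follow IPv6 being in use, reduce the list to `- debian11cis_ipv6_required`; otherwise add a comment above `when:` explaining why the disable method gates a hardening task. Both tasks start and end outside their hunks, so any enclosing block condition is not visible here.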
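Review bot: `debian11cis_ipv6_required` is tested as a bare variable in the third hunk's `when:` list, and in the two hunks above, so a value that arrives as a string is evaluated by truthiness rather than by meaning. With `-e debian11cis_ipv6_required=false`, for example, the non-empty string `false` counts as true. Casting it makes the gate behave the same for booleans and strings: `- debian11cis_ipv6_required | bool`. Since this condition now decides whether the router-advertisement setting is applied at all, a one-line comment above it would help, stating that the rule is skipped on the assumption that IPv6 is disabled by another task. The task itself starts outside the hunk.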