diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-03-13 16:43:50 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:43 +0200 |
| commit | d72d516f2647a3e03b5e11d891c6ec4e9ddcf9cf (patch) | |
| tree | 3d8e0f75a74d710aa1f0d84ce27daea302acb6e1 /roles/common/tasks/sysctl.yml | |
| parent | 984708466b7c368e98a8b51c00acff5e6b870bd2 (diff) | |
Make use of Ansible 1.5 new features.
Most notably pipelining=True and sysctl_set=yes.
Diffstat (limited to 'roles/common/tasks/sysctl.yml')
| -rw-r--r-- | roles/common/tasks/sysctl.yml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/tasks/sysctl.yml b/roles/common/tasks/sysctl.yml index 9adeece..6ac7feb 100644 --- a/roles/common/tasks/sysctl.yml +++ b/roles/common/tasks/sysctl.yml @@ -1,21 +1,21 @@ -- sysctl: name={{ item.name }} value={{ item.value }} +- sysctl: name={{ item.name }} "value={{ item.value }}" sysctl_set=yes with_items: - { name: 'kernel.domainname', value: '{{ ansible_domain }}' } # Networking. See # https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt # Enable Spoof protection (reverse-path filter). Turn on Source # Address Verification in all interfaces to prevent some spoofing # attacks. - { name: 'net.ipv4.conf.default.rp_filter', value: 1 } - { name: 'net.ipv4.conf.all.rp_filter', value: 1 } # Enable TCP/IP SYN cookies to avoid TCP SYN flood attacks. We # rate-limit not only the default ICMP types 3, 4, 11 and 12 # (0x1818), but also types 0 and 8. See icmp(7). - { name: 'net.ipv4.tcp_syncookies', value: 1 } - { name: 'net.ipv4.icmp_ratemask', value: 6425 } - { name: 'net.ipv4.icmp_ratelimit', value: 1000 } # Disable paquet forwarding between interfaces (we are not a router). |