Disable icmp redirects

jsecchiero · Aug 3, 2020 · 2e7c7db · 2e7c7db
1 parent 3d1503e
commit 2e7c7db
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/tasks/config.yml b/tasks/config.yml
@@ -1,6 +1,22 @@
 ---
 # config-specific task file for strongswan
 
+- name: Disable icmp redirects in all interfaces
+  sysctl:
+    name: net.ipv4.conf.all.send_redirects
+    value: 0
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: Disable icmp redirects as a default configration
+  sysctl:
+    name: net.ipv4.conf.default.send_redirects
+    value: 0
+    sysctl_set: yes
+    state: present
+    reload: yes
+
 - name: Copy script available for nat connections
   copy: src=_updown_nat dest=/usr/lib/ipsec/ mode=0755
   notify: