add ip ip_unprivileged_port_start sysctl param

2023-11-07 18:34:01 +01:00 · 2023-11-07 18:34:01 +01:00 · 30229ab7e5
commit 30229ab7e5
parent 6c2ddb35a6
4 changed files with 14 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -46,3 +46,4 @@ system_ssh_custom_host: []

 system_wol_enable: False
 system_wol_mac: "{{ ansible_default_ipv4.macaddress }}"
+system_ip_unprivileged_port_start: 1024
--- a/tasks/tasks.sysctl.yml
+++ b/tasks/tasks.sysctl.yml
@ -1,10 +1,20 @@
 ---
 - name: Disable IPV6
  ansible.builtin.template:
-    src: 40-ipv6.j2
+    src: sysctl.d/40-ipv6.j2
    dest: /etc/sysctl.d/40-ipv6.conf
    owner: root
    group: root
-    mode: 0644
+    mode: "0644"
+  notify: Restart_sysctl
+  become: true
+---
+- name: set ip_unprivileged_port_start
+  ansible.builtin.template:
+    src: sysctl.d/40-ip_unprivileged_port_start.j2
+    dest: /etc/sysctl.d/40-ip_unprivileged_port_start.conf
+    owner: root
+    group: root
+    mode: "0644"
  notify: Restart_sysctl
  become: true
--- a/templates/sysctl.d/40-ip_unprivileged_port_start.j2
+++ b/templates/sysctl.d/40-ip_unprivileged_port_start.j2
@ -0,0 +1 @@
+net.ipv4.ip_unprivileged_port_start = {{ system_ip_unprivileged_port_start }}
--- a/templates/sysctl.d/40-ipv6.j2
+++ b/templates/sysctl.d/40-ipv6.j2
				`@ -0,0 +1 @@`
				`net.ipv4.ip_unprivileged_port_start = {{ system_ip_unprivileged_port_start }}`