From 30229ab7e50d2e58048fb4ea4ff5a1670001ed84 Mon Sep 17 00:00:00 2001
From: vincent
Date: Tue, 7 Nov 2023 18:34:01 +0100
Subject: [PATCH] add ip ip_unprivileged_port_start sysctl param
---
 defaults/main.yml | 1 +
 tasks/tasks.sysctl.yml | 14 ++++++++++++--
 .../sysctl.d/40-ip_unprivileged_port_start.j2 | 1 +
 templates/{ => sysctl.d}/40-ipv6.j2 | 0
 4 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 templates/sysctl.d/40-ip_unprivileged_port_start.j2
 rename templates/{ => sysctl.d}/40-ipv6.j2 (100%)
diff --git a/defaults/main.yml b/defaults/main.yml
index c60e310..679c584 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -46,3 +46,4 @@ system_ssh_custom_host: []
 
 system_wol_enable: False
 system_wol_mac: "{{ ansible_default_ipv4.macaddress }}"
+system_ip_unprivileged_port_start: 1024
diff --git a/tasks/tasks.sysctl.yml b/tasks/tasks.sysctl.yml
index 3c490e4..5cd8642 100644
--- a/tasks/tasks.sysctl.yml
+++ b/tasks/tasks.sysctl.yml
@@ -1,10 +1,20 @@
 ---
 - name: Disable IPV6
 ansible.builtin.template:
- src: 40-ipv6.j2
+ src: sysctl.d/40-ipv6.j2
 dest: /etc/sysctl.d/40-ipv6.conf
 owner: root
 group: root
- mode: 0644
+ mode: "0644"
+ notify: Restart_sysctl
+ become: true
+---
+- name: set ip_unprivileged_port_start
+ ansible.builtin.template:
+ src: sysctl.d/40-ip_unprivileged_port_start.j2
+ dest: /etc/sysctl.d/40-ip_unprivileged_port_start.conf
+ owner: root
+ group: root
+ mode: "0644"
 notify: Restart_sysctl
 become: true
diff --git a/templates/sysctl.d/40-ip_unprivileged_port_start.j2 b/templates/sysctl.d/40-ip_unprivileged_port_start.j2
new file mode 100644
index 0000000..e86be1b
--- /dev/null
+++ b/templates/sysctl.d/40-ip_unprivileged_port_start.j2
@@ -0,0 +1 @@
+net.ipv4.ip_unprivileged_port_start = {{ system_ip_unprivileged_port_start }}
diff --git a/templates/40-ipv6.j2 b/templates/sysctl.d/40-ipv6.j2
similarity index 100%
rename from templates/40-ipv6.j2
rename to templates/sysctl.d/40-ipv6.j2
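Review bot: `system_ip_unprivileged_port_start` in defaults/main.yml is added without a comment, although it controls a security boundary. Suggest a comment above it: `# First port non-root processes may bind (net.ipv4.ip_unprivileged_port_start); kernel default is 1024, lower values open privileged ports to every local user.` The defaults file continues outside the hunk, so I cannot see whether the other variables are documented in the same way.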
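Review bot: The added `---` between the two tasks in tasks/tasks.sysctl.yml starts a second YAML document, and Ansible reads a task file as a single document, so this file will most likely fail to load ("expected a single document in the stream"). Drop that line so `- name: set ip_unprivileged_port_start` is simply the next list item after the first task's `become: true`. The `Restart_sysctl` handler that both tasks notify is not part of this patch; confirm it re-reads /etc/sysctl.d (for example via `sysctl --system`) so the new file actually takes effect.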
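Review bot: The new template writes `{{ system_ip_unprivileged_port_start }}` into the sysctl file with no validation, so an empty, non-numeric or out-of-range override produces a drop-in the kernel rejects, and a value of 0 silently lets any local user bind ports such as 22 or 443. I would add an `ansible.builtin.assert` ahead of the template task with `that: system_ip_unprivileged_port_start | int(-1) in range(0, 65536)` and a clear `fail_msg`. Avoid a bare `| int` in the template as the fix, because Jinja maps unparsable input to 0, which is the most permissive setting.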