diff --git a/roles/clean/tasks/clean_lb.yml b/roles/clean/tasks/clean_lb.yml
index 3c04185..5acca40 100644
--- a/roles/clean/tasks/clean_lb.yml
+++ b/roles/clean/tasks/clean_lb.yml
@@ -1,11 +1,10 @@
 # to clean 'lb' service
 - block:
-  - name: stop keepalived service
-    shell: systemctl disable keepalived && systemctl stop keepalived
-    ignore_errors: true
-
-  - name: stop haproxy service
-    shell: systemctl disable haproxy && systemctl stop haproxy
+  - name: rm service keepalived and haproxy
+    service: name={{ item }} state=stopped enabled=no
+    with_items:
+    - keepalived
+    - haproxy
     ignore_errors: true
 
   - name: remove files and dirs
diff --git a/roles/os-harden/os-harden.yml b/roles/os-harden/os-harden.yml
index a2868e8..d2d0ba6 100644
--- a/roles/os-harden/os-harden.yml
+++ b/roles/os-harden/os-harden.yml
@@ -7,8 +7,8 @@
     os_security_suid_sgid_whitelist: ['/usr/bin/rlogin']
     os_filesystem_whitelist: ['vfat']
     sysctl_config:
-      net.ipv4.ip_forward: 0
-      net.ipv6.conf.all.forwarding: 0
+      net.ipv4.ip_forward: 1
+      net.ipv6.conf.all.forwarding: 1
       net.ipv6.conf.all.accept_ra: 0
       net.ipv6.conf.default.accept_ra: 0
       net.ipv4.conf.all.rp_filter: 1