From e0392acef039089b78896305f9bbfacbcf93702d Mon Sep 17 00:00:00 2001 From: gjmzj Date: Wed, 5 Jun 2019 20:41:09 +0800 Subject: [PATCH] =?UTF-8?q?fix=20=E5=AE=89=E5=85=A8=E5=8A=A0=E5=9B=BA?= =?UTF-8?q?=E5=85=81=E8=AE=B8ip=5Fforward?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/clean/tasks/clean_lb.yml | 11 +++++------ roles/os-harden/os-harden.yml | 4 ++-- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/clean/tasks/clean_lb.yml b/roles/clean/tasks/clean_lb.yml index 3c04185..5acca40 100644 --- a/roles/clean/tasks/clean_lb.yml +++ b/roles/clean/tasks/clean_lb.yml @@ -1,11 +1,10 @@ # to clean 'lb' service - block: - - name: stop keepalived service - shell: systemctl disable keepalived && systemctl stop keepalived - ignore_errors: true - - - name: stop haproxy service - shell: systemctl disable haproxy && systemctl stop haproxy + - name: rm service keepalived and haproxy + service: name={{ item }} state=stopped enabled=no + with_items: + - keepalived + - haproxy ignore_errors: true - name: remove files and dirs diff --git a/roles/os-harden/os-harden.yml b/roles/os-harden/os-harden.yml index a2868e8..d2d0ba6 100644 --- a/roles/os-harden/os-harden.yml +++ b/roles/os-harden/os-harden.yml @@ -7,8 +7,8 @@ os_security_suid_sgid_whitelist: ['/usr/bin/rlogin'] os_filesystem_whitelist: ['vfat'] sysctl_config: - net.ipv4.ip_forward: 0 - net.ipv6.conf.all.forwarding: 0 + net.ipv4.ip_forward: 1 + net.ipv6.conf.all.forwarding: 1 net.ipv6.conf.all.accept_ra: 0 net.ipv6.conf.default.accept_ra: 0 net.ipv4.conf.all.rp_filter: 1