From 3b305d486666a7e5f145e26a8f08dba80bc5b070 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Sun, 16 Aug 2020 10:09:29 +0200
Subject: [PATCH] [sysctl-fowarding] Enable IP forwarding on routers

---
 plays/firewall.yml                                       | 3 ++-
 roles/sysctl-forwarding/tasks/main.yml                   | 5 +++++
 .../templates/sysctl.d/10-forwarding.conf.j2             | 9 +++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 roles/sysctl-forwarding/tasks/main.yml
 create mode 100644 roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2

diff --git a/plays/firewall.yml b/plays/firewall.yml
index 37f9c396..61065447 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -1,9 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy iproute2 config file
+# Deploy iproute2 and sysctl config files
 - hosts: crans_routeurs
   roles:
     - iproute2
+    - sysctl-forwarding
 
 # Deploy firewall
 - hosts: crans_routeurs
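Review bot: `sysctl-forwarding` is added to the play that runs before the `# Deploy firewall` play, so on a newly provisioned router the forwarding configuration is installed before the filtering rules are. As the role is written, the file only takes effect when sysctl settings are next loaded, which limits the exposure, but the order is still worth making deliberate. Consider listing the role after the firewall roles, or confirm that the forward policy already drops by default. The second play's body continues outside this hunk, so its roles are not visible here.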
diff --git a/roles/sysctl-forwarding/tasks/main.yml b/roles/sysctl-forwarding/tasks/main.yml
new file mode 100644
index 00000000..e9230039
--- /dev/null
+++ b/roles/sysctl-forwarding/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Deploy sysctl configuration
+  template:
+    src: sysctl.d/10-forwarding.conf.j2
+    dest: /etc/sysctl.d/10-forwarding.conf
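Review bot: The `template` task sets no `owner`, `group` or `mode`, and nothing reloads sysctl afterwards. A newly created file therefore gets whatever the remote umask yields, and the routers keep their previous forwarding state until settings are next loaded, for example at boot. I would pin the ownership and mode on the task and notify a handler that runs `sysctl --system`, so a change to the template is applied in the same run. The mode is quoted so YAML does not read it as an octal integer; the handler name below is constructed and the handler itself would need to be defined in the role.

```yaml
- name: Deploy sysctl configuration
  template:
    # … unchanged: src and dest …
    owner: root
    group: root
    mode: "0644"
  notify: Reload sysctl  # constructed handler name; handler runs `sysctl --system`
```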
diff --git a/roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2 b/roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2
new file mode 100644
index 00000000..8656e7b0
--- /dev/null
+++ b/roles/sysctl-forwarding/templates/sysctl.d/10-forwarding.conf.j2
@@ -0,0 +1,9 @@
+{{ ansible_header | comment }}
+
+# Enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
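Review bot: The comments do not record that both keys are global, so once this file is loaded the host routes between every interface and routed traffic is filtered only by whatever the firewall's forward rules impose. I would add a line such as `# Applies to all interfaces; routed traffic is filtered only by the firewall's forward rules` above the first key. The IPv6 comment could also name the per-interface override, `accept_ra=2`, for an uplink that still needs Router Advertisements while forwarding is on.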
-- 
GitLab