Disable ipv6

From MyWiki
Revision as of 16:37, 23 March 2020 by George2 (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

https://github.com/juju4/ansible-ipv6/blob/master/tasks/ipv6-disable.yml

---
 
## either disable
- name: Disable IPv6 with sysctl
  sysctl: name={{ item }} value=1 state=present reload=yes
  with_items:
    - net.ipv6.conf.all.disable_ipv6
    - net.ipv6.conf.default.disable_ipv6
    - net.ipv6.conf.lo.disable_ipv6

- name: Debian | blacklist ipv6 in modprobe
  lineinfile: "dest=/etc/modprobe.d/blacklist.conf line='blacklist ipv6' create=yes"
  notify:
    - rmmodipv6
  when: ansible_os_family == 'Debian'

- name: RedHat | placeholder true for ipv6 in modprobe
  lineinfile: "dest=/etc/modprobe.conf line='install ipv6 /bin/true' create=yes"
  notify:
    - rmmodipv6
  when: ansible_os_family == 'RedHat'

- name: RedHat | disable ipv6 in sysconfig/network
  lineinfile:
    dest: /etc/sysconfig/network
    regexp: "^{{ item.regexp }}"
    line: "{{ item.line }}"
    backup: yes
    create: yes
  with_items:
    - { regexp: 'NETWORKING_IPV6=.*', line: 'NETWORKING_IPV6=NO' }
    - { regexp: 'IPV6INIT=.*', line: 'IPV6INIT=no' }
  notify:
    - restart network
    - restart NetworkManager
  when: ansible_os_family == 'RedHat'

- include: ipv6-grub-disable.yml
 
## either control router sollicitation/advertisement to avoid malicious rerouting of IPv6
## Monitor?
##  https://thc.org/thc-ipv6/
##  http://www.si6networks.com/tools/ipv6toolkit/
## Filter?
 
## State: http://6lab.cisco.com/stats/
Retrieved from "https://wiki.twig.es/index.php?title=Disable_ipv6&oldid=4623"