MASQUERADE #6

jack 2016-08-03 09:10:56 +03:00
parent 8a31062249
commit 7512a75ccb
2 changed files with 9 additions and 2 deletions


@ -117,10 +117,12 @@
- name: Enable packet forwarding for IPv4 - name: Enable packet forwarding for IPv4
sysctl: name=net.ipv4.ip_forward value=1 sysctl: name=net.ipv4.ip_forward value=1
- name: Enable packet forwarding for IPv6
sysctl: name=net.ipv6.conf.all.forwarding value=1
- name: Do not send ICMP redirects (we are not a router) - name: Do not send ICMP redirects (we are not a router)
sysctl: name=net.ipv4.conf.all.send_redirects value=0 sysctl: name=net.ipv4.conf.all.send_redirects value=0
handlers: handlers:
- name: restart auditd - name: restart auditd
service: name=auditd state=restarted service: name=auditd state=restarted
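Review bot: The new `net.ipv6.conf.all.forwarding value=1` task turns on IPv6 routing for every interface, and nothing visible in this commit restricts the ip6tables `FORWARD` chain. If that chain's policy is ACCEPT, the host will forward IPv6 between any interfaces, not only for VPN clients. I would pair the sysctl with a default-drop policy, for example `iptables: ip_version=ipv6 chain=FORWARD policy=DROP`, plus explicit accepts for `{{ vpn_network_ipv6 }}` and established traffic. Also worth confirming: once forwarding is enabled, Linux ignores router advertisements unless `accept_ra` is 2, which can remove the server's own IPv6 default route on SLAAC-configured hosts. The firewall tasks live in the other file, so this may already be handled outside the lines shown.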


@ -32,6 +32,11 @@
notify: notify:
- save iptables - save iptables
- name: Configure ip6tables so IPSec traffic can traverse the tunnel
iptables: ip_version=ipv6 table=nat chain=POSTROUTING source="{{ vpn_network_ipv6 }}" jump=MASQUERADE
notify:
- save iptables
- name: Setup the ipsec.conf file from our template - name: Setup the ipsec.conf file from our template
template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644 template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644
notify: notify:
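Review bot: The new ip6tables task notifies `save iptables`, whose definition is outside this hunk, so it is not clear that the IPv6 rule gets persisted. If that handler only saves the IPv4 ruleset, the NAT rule will be lost on reboot while forwarding stays enabled via sysctl, and client traffic would then be forwarded without masquerading. Please confirm the handler also persists ip6tables rules, or notify a dedicated one such as `- save ip6tables`. The rule also matches on `source` alone, so it masquerades on every outgoing interface; adding `out_interface=<egress interface>` would scope it to the intended uplink.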