[debops-users] enable ip_forward in debops.sysctrl.

Jan Kowalsky jankow at datenkollektiv.net
Tue Nov 7 09:15:47 CET 2017


Hi all,

I want to enable ip forwarding (ipv4/ipv6) for one host. I thought it
should be enough to set

 sysctl__system_ip_forwarding_enabled: True

But it doesn't work.

I have to set instead:

sysctl__host_parameters:
   'net.ipv4.ip_forward':
     value: 1
     comment: |
       enable IPv4 traffic forwarding.

If I understand correctly, it's enabled/disabled through this rule in
the debops.sysctl role:

sysctl__hardening_map:
  'net.ipv4.ip_forward':
    value: 0
    comment: |
      Disable IPv4 traffic forwarding.
    state: '{{ sysctl__system_ip_forwarding_enabled|bool |
ternary("absent", "present") }}'
  'net.ipv6.conf.all.forwarding':
    value: 0
    comment: 'Disable IPv6 traffic forwarding.'
    state: '{{ sysctl__system_ip_forwarding_enabled|bool |
ternary("absent", "present") }}'
[.....]


What do I wrong?

What I realized: I do not set

  sysctl__system_ip_forwarding_enabled: True

at all, there is an entry: 	

  net.ipv4.ip_forward = 1

set. If I don't set it there is no entry generated at all - which means
the default (on debian) is active which means "0".

Thanks and regards
Jan


More information about the debops-users mailing list