diff --git a/roles/networking/tasks/main.yml b/roles/networking/tasks/main.yml index 903ae9d..a15482a 100644 --- a/roles/networking/tasks/main.yml +++ b/roles/networking/tasks/main.yml @@ -4,11 +4,25 @@ name: net.ipv4.ip_forward value: '1' sysctl_set: true - when: "{{ ipv4_forwarding }}" + when: ipv4_forwarding - name: Enable ipv6 forwarding ansible.posix.sysctl: name: net.ipv6.conf.all.forwarding value: '1' sysctl_set: true - when: "{{ ipv6_forwarding }}" + when: ipv6_forwarding + +- name: Disable ipv4 forwarding + ansible.posix.sysctl: + name: net.ipv4.ip_forward + value: '0' + sysctl_set: true + when: not ipv4_forwarding + +- name: Disable ipv6 forwarding + ansible.posix.sysctl: + name: net.ipv6.conf.all.forwarding + value: '0' + sysctl_set: true + when: not ipv6_forwarding diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml index 8e081c2..0b973f9 100644 --- a/roles/vpn/handlers/main.yml +++ b/roles/vpn/handlers/main.yml @@ -1,4 +1,5 @@ --- +# This is so uggly - name: Reload wireguard for interface systemd: name: "wg-quick@{{ item }}"
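Review bot: The four `when:` conditions in roles/networking/tasks/main.yml test the raw variable, so a value that arrives as a string (for example via `-e ipv4_forwarding=false` or an INI inventory) is not reliably treated as false. Depending on the Ansible version, a non-empty string is either truthy or rejected as a non-boolean conditional, so a host could end up forwarding packets when the operator asked for it to be off. Cast explicitly with `when: ipv4_forwarding | bool` and `when: not (ipv4_forwarding | bool)`, and likewise for `ipv6_forwarding`. Each enable/disable pair could also collapse into one task using `value: "{{ ipv4_forwarding | bool | ternary('1', '0') }}"`, which removes the chance of the two conditions drifting apart. The first task starts above the hunk, and whether the role ships defaults for both variables is not visible here; without them these tasks fail on an undefined variable.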
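Review bot: The added comment `# This is so uggly` in roles/vpn/handlers/main.yml does not tell the next maintainer what is wrong with the handler or what should replace it, and "uggly" is misspelled. State the actual concern instead, for example `# TODO: <what is awkward about this reload handler and the intended replacement>`. The handler's body appears to continue below the hunk, so the construct the comment refers to may not be visible here.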