Set systcl values in exit-ipv4

2017-03-27 23:47:16 +02:00 · 2017-03-27 23:47:16 +02:00 · 588112b25f
parent 016fce0043
commit 588112b25f
2 changed files with 9 additions and 0 deletions
--- a/roles/exit-ipv4/defaults/main.yml
+++ b/roles/exit-ipv4/defaults/main.yml
@ -0,0 +1,3 @@
+---
+
+conntrack_max: 131072
--- a/roles/exit-ipv4/tasks/main.yml
+++ b/roles/exit-ipv4/tasks/main.yml
@ -3,6 +3,12 @@
 - name: Install iptables-persistent
  apt: name=iptables-persistent state=present

+- name: Enable IPv4 routing
+  sysctl: name=net.ipv4.ip_forward value=1 state=present
+
+- name: Increas conntrack limit
+  sysctl: name=net.netfilter.nf_conntrack_max value={{ conntrack_max }} state=present
+
 - name: Configure iptables
  template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
  notify: Reload iptables