From 588112b25f3c2046033f4bf8a568d0e20017479c Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Mon, 27 Mar 2017 23:47:16 +0200
Subject: [PATCH] Set systcl values in exit-ipv4
---
 roles/exit-ipv4/defaults/main.yml | 3 +++
 roles/exit-ipv4/tasks/main.yml | 6 ++++++
 2 files changed, 9 insertions(+)
 create mode 100644 roles/exit-ipv4/defaults/main.yml
diff --git a/roles/exit-ipv4/defaults/main.yml b/roles/exit-ipv4/defaults/main.yml
new file mode 100644
index 0000000..28daf80
--- /dev/null
+++ b/roles/exit-ipv4/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+conntrack_max: 131072
diff --git a/roles/exit-ipv4/tasks/main.yml b/roles/exit-ipv4/tasks/main.yml
index f02422e..4846b66 100644
--- a/roles/exit-ipv4/tasks/main.yml
+++ b/roles/exit-ipv4/tasks/main.yml
@@ -3,6 +3,12 @@
 - name: Install iptables-persistent
 apt: name=iptables-persistent state=present
 
+- name: Enable IPv4 routing
+ sysctl: name=net.ipv4.ip_forward value=1 state=present
+
+- name: Increas conntrack limit
+ sysctl: name=net.netfilter.nf_conntrack_max value={{ conntrack_max }} state=present
+
 - name: Configure iptables
 template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
 notify: Reload iptables
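Review bot: `conntrack_max` in roles/exit-ipv4/defaults/main.yml has no comment saying what it bounds or how 131072 was chosen, and the name is not role-prefixed, so a variable of the same name defined by another role or in inventory could change it unnoticed. I would add above it `# Ceiling for net.netfilter.nf_conntrack_max; each tracked flow uses kernel memory, and new connections are dropped once the table is full`. Renaming it to `exit_ipv4_conntrack_max`, here and in tasks/main.yml, would keep it scoped to this role.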
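Review bot: `net.ipv4.ip_forward` is switched on two tasks before `Configure iptables`, and the templated ruleset is only loaded by the `Reload iptables` handler, so on a first run the host forwards packets under whatever rules happen to be loaded at that moment. Whether that window matters depends on the FORWARD policy in rules.v4.j2, which is not visible here; placing both sysctl tasks after the template task, with `- meta: flush_handlers` in between, closes it. Separately, `net.netfilter.nf_conntrack_max` exists only while the nf_conntrack module is loaded, so the second task can fail on a fresh host and the persisted value may not be applied at boot; a preceding `modprobe: name=nf_conntrack state=present` task would make that dependency explicit. The task name `Increas conntrack limit` is missing an `e`, and `value={{ conntrack_max }}` is safer in the quoted form `value="{{ conntrack_max }}"`.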