in lxc/docker/openvz IPv6 is always disabled by ufw-configuration #402
Comments
|
And - by the way - in ssh_hardening there is an option: "network_ipv6_enable" which could be used here, too. |
|
We decided that we remvoe the disablement of ipv6 (see #406 (comment)) so this problem should then be obsolete. |
|
I agree. Issue closed. Thanks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
There is no way to enable IPv6 in lxc/docker/openvz systems because in ufw IPv6 is only enabled when "{{ 'no' if sysctl_config['net.ipv6.conf.all.disable_ipv6'] is defined and sysctl_config['net.ipv6.conf.all.disable_ipv6'] == 1 else 'yes' }}" (devsec/hardening/roles/os_hardening/templates/etc/default/ufw.j2) and sysctl_config['net.ipv6.conf.all.disable_ipv6'] is disabled by default, while building combined sysctl-dict if overwrites are defined is not done on above containerd systems "when: ansible_virtualization_type not in ['docker', 'lxc', 'openvz']" (devsec/hardening/roles/os_hardening/tasks/sysctl.yml)
Expected behavior
IPv6=yes
Actual behavior
Example Playbook
OS / Environment
debian 10.8
Ansible Version
Role Version
Additional context
Add any other context about the problem here.
lxc container
The text was updated successfully, but these errors were encountered: