Use a pre-up script to turn off accept_ra
authorJulien Cristau <jcristau@debian.org>
Mon, 14 Oct 2019 17:52:12 +0000 (19:52 +0200)
committerJulien Cristau <jcristau@debian.org>
Mon, 14 Oct 2019 17:52:12 +0000 (19:52 +0200)
Turns out the /all/ sysctl is a no-op.

modules/debian_org/files/ifupdown-pre-up-accept-ra [new file with mode: 0644]
modules/debian_org/manifests/init.pp

diff --git a/modules/debian_org/files/ifupdown-pre-up-accept-ra b/modules/debian_org/files/ifupdown-pre-up-accept-ra
new file mode 100644 (file)
index 0000000..1094891
--- /dev/null
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+[ "$IFACE" != "lo" ] || exit 0
+[ "$IFACE" != "--all" ] || exit 0
+
+if [ -z "$IFACE" ]; then
+       echo "no interface specified" >&2
+       exit 1
+fi
+
+if [ ! -d /proc/sys/net/ipv6/conf/$IFACE ]; then
+       echo "specified interface does not exist in /proc/sys/net/ipv6/conf/" >&2
+       exit 1
+fi
+
+echo 0 > /procy/sys/net/ipv6/conf/$IFACE/accept_ra
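Review bot: The last line of the new script writes to `/procy/sys/net/ipv6/conf/$IFACE/accept_ra`, a path that does not exist, so accept_ra is never set to 0 and router advertisements stay accepted on the interface. Because the script runs under `set -e`, the failed redirection presumably makes it exit non-zero, which in an if-pre-up.d hook would likely stop the interface from coming up at all. The line should read `echo 0 > "/proc/sys/net/ipv6/conf/$IFACE/accept_ra"`. `$IFACE` is also unquoted in the `[ ! -d /proc/sys/net/ipv6/conf/$IFACE ]` test, so quote it there too: `[ ! -d "/proc/sys/net/ipv6/conf/$IFACE" ]`.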
index be1fe71..d45b129 100644 (file)
@@ -340,13 +340,15 @@ class debian_org {
        }
 
        # our ipv6 addresses and routes are statically configured.
+       file { '/etc/network/if-pre-up.d/no_accept_ra':
+               source => 'puppet://modules/debian_org/ifupdown-pre-up-accept-ra',
+               mode   => '0555',
+       }
        base::sysctl { 'dsa-accept-ra-default':
-               key   => 'net.ipv6.conf.default.accept_ra',
-               value => 0,
+               ensure => absent,
        }
        base::sysctl { 'dsa-accept-ra-all':
-               key   => 'net.ipv6.conf.all.accept_ra',
-               value => 0,
+               ensure => absent,
        }
 
        # Disable kpartx udev rules
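Review bot: The `source` URI in the new `file` resource has only two slashes, so `modules` is parsed as the file server's host name rather than as the mount point; it should be `source => 'puppet:///modules/debian_org/ifupdown-pre-up-accept-ra',`. Separately, the hunk sets `dsa-accept-ra-default` to `ensure => absent` as well, while the commit message only calls the /all/ sysctl a no-op. Interfaces that are not brought up through ifupdown would then presumably fall back to the kernel default for accept_ra, so either keep `net.ipv6.conf.default.accept_ra` at 0 or add a comment saying why it is safe to drop. The class body continues outside the hunk.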