add some missing IPv6 options

defaults/main.yml

@@ -7,6 +7,9 @@ kernel_disable_modules:
   - tipc
   - rds
   - bluetooth
+  - cramfs
+  - squashfs
+  - udf
 
 kernel_blacklist_modules: []
 

templates/etc/sysctl.d/local.conf.j2

@@ -47,6 +47,7 @@ net.ipv4.tcp_syncookies = 1
 
 # Turn on and log spoofed, source routed, and redirect packets
 net.ipv4.conf.all.log_martians = 1
+net.ipv4.conf.default.accept_source_route = 0
 
 # No source routed packets here
 net.ipv4.conf.all.accept_source_route = 0
@@ -80,6 +81,10 @@ net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
 {% else %}
 
+# Disable router advertisements
+net.ipv6.conf.default.accept_ra = 0
+net.ipv6.conf.all.accept_ra = 0
+
 # Disable ICMP routing redirects
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv6.conf.default.accept_redirects = 0
@@ -87,6 +92,9 @@ net.ipv6.conf.default.accept_redirects = 0
 # Disable forwarding of IPv6 source-routed packets
 net.ipv6.conf.all.accept_source_route = 0
 net.ipv6.conf.default.accept_source_route = 0
+
+# Disable forwarding of IPv6
+net.ipv6.conf.all.forwarding = 0
 {% endif %}
 {% if kernel_namespace_support_enabled | bool %}
 

templates/etc/systemd/coredump.conf.j2

@@ -0,0 +1,7 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+[Coredump]
+{% if not kernel_coredump_enabled | bool %}
+Storage=none
+ProcessSizeMax=0
+{% endif %}