--- {{ if .Vars.ubtu24cis_level_1 }} {{ if not .Vars.ubtu24cis_is_router }} {{ if .Vars.ubtu24cis_rule_3_3_1 }} kernel-param: net.ipv4.ip_forward: title: 3.3.1 | Ensure IP forwarding is disabled | IPv4 value: '0' meta: server: 1 workstation: 1 CIS_ID: - 3.3.1 CISv8: - 4.8 CISv8_IG1: false CISv8_IG2: true CISv8_IG3: true NIST800-53R5: - CM-1 - CM-2 - CM-6 - CM-7 - IA-5 {{ if .Vars.ubtu24cis_ipv6_required }} net.ipv6.conf.all.forwarding: title: 3.3.1 | Ensure IP forwarding is disabled | IPv6 value: '0' meta: server: 1 workstation: 1 CIS_ID: - 3.3.1 CISv8: - 4.8 CISv8_IG1: false CISv8_IG2: true CISv8_IG3: true NIST800-53R5: - CM-1 - CM-2 - CM-6 - CM-7 - IA-5 {{ end }} command: ipv4_ip_forward: title: 3.3.1 | Ensure IP forwarding is disabled | IPv4 config exec: grep -E "^\s*net\.ipv4\.ip_forward" /etc/sysctl.conf /etc/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /run/sysctl.d/*.conf exit-status: or: - 0 - 1 - 2 stdout: - '/^.*:net.ipv4.ip_forward\s*=\s*0/' meta: server: 1 workstation: 1 CIS_ID: - 3.3.1 CISv8: - 4.8 CISv8_IG1: false CISv8_IG2: true CISv8_IG3: true NIST800-53R5: - CM-1 - CM-2 - CM-6 - CM-7 - IA-5 {{ if .Vars.ubtu24cis_ipv6_required }} ipv6_ip_forward: title: 3.3.1 | Ensure IP forwarding is disabled | IPv6 config exec: grep -E "^\s*net\.ipv6\.conf\.all\.forwarding" /etc/sysctl.conf /etc/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /run/sysctl.d/*.conf exit-status: or: - 0 - 1 - 2 stdout: - '/^.*:net.ipv6.conf.all.forwarding\s*=\s*0/' meta: server: 1 workstation: 1 CIS_ID: - 3.3.1 CISv8: - 4.8 CISv8_IG1: false CISv8_IG2: true CISv8_IG3: true NIST800-53R5: - CM-1 - CM-2 - CM-6 - CM-7 - IA-5 {{ end }} {{ end }} {{ end }} {{ end }}