Describe the Issue
Currently the ipv6 settings are only configured if ipv6 is declared in use. I think they should be set either way as auditing tools might throw an error if it isn't configured even if ipv6 isn't in use. It also prevents ipv6 being enabled in the future but this control not being changed.
- name: "3.5.1.4 | PATCH | Ensure loopback traffic is configured | Set deny ufw rules IPv6"
  community.general.ufw:
      rule: deny
      direction: in
      from_ip: '::1'
  notify: Reload ufw
  when: ubtu22cis_ipv6_required
Expected Behavior
ipv6 settings not being configured unless explicitly stated that ipv6 is in use.
Actual Behavior
ipv6 settings only run if the ubtu22cis_ipv6_required is true
Control(s) Affected
3.5.1.4
Possible Solution
Remove the conditional when: ubtu22cis_ipv6_required
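An added example (not part of the issue or the role's own code): a Python check over constructed `ufw status verbose` output that reports which loopback deny rules for control 3.5.1.4 are absent, which is what an audit sees when the IPv6 task above is skipped. The sample output, the function names, and the use of 127.0.0.0/8 as the IPv4 counterpart rule are assumptions.

```python
import re

# Constructed `ufw status verbose` output (not captured from a real host).
# BASE models a host where the IPv6 deny task was skipped by the conditional.
BASE = [
    "Status: active",
    "Default: deny (incoming), deny (outgoing), disabled (routed)",
    "",
    "To                         Action      From",
    "--                         ------      ----",
    "Anywhere on lo             ALLOW IN    Anywhere",
    "Anywhere                   DENY IN     127.0.0.0/8",
    "Anywhere (v6) on lo        ALLOW IN    Anywhere (v6)",
]
V6_DENY = "Anywhere (v6)              DENY IN     ::1"

SAMPLE_IPV6_SKIPPED = "\n".join(BASE)
SAMPLE_IPV6_APPLIED = "\n".join(BASE + [V6_DENY])

# A rule row is three columns separated by runs of two or more spaces.
RULE_RE = re.compile(
    r"^(?P<to>.+?)\s{2,}"
    r"(?P<action>(?:ALLOW|DENY|REJECT|LIMIT)(?: (?:IN|OUT|FWD))?)\s{2,}"
    r"(?P<src>.+?)\s*$"
)

# Source addresses that must be denied inbound (assumed audit expectation).
REQUIRED_DENY_SOURCES = ("127.0.0.0/8", "::1")


def parse_rules(status_text):
    """Return (to, action, source) tuples for every rule row in the output."""
    rules = []
    for line in status_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((m["to"].strip(), m["action"], m["src"].strip()))
    return rules


def missing_loopback_denies(status_text):
    """List required loopback sources that have no 'DENY IN' rule."""
    denied = {src for _, action, src in parse_rules(status_text)
              if action == "DENY IN"}
    return sorted(s for s in REQUIRED_DENY_SOURCES if s not in denied)


if __name__ == "__main__":
    print("IPv6 task skipped:", missing_loopback_denies(SAMPLE_IPV6_SKIPPED))
    print("IPv6 task applied:", missing_loopback_denies(SAMPLE_IPV6_APPLIED))
```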