From 646b4decc1750334624bb3053a950352cdf27019 Mon Sep 17 00:00:00 2001
From: Bernd Grobauer <bernd.grobauer@siemens.com>
Date: Thu, 12 Oct 2023 12:56:20 +0200
Subject: [PATCH] Adding missing lines to sysctl.d/50-default.conf

Signed-off-by: Bernd Grobauer <bernd.grobauer@siemens.com>
---
 tasks/post.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tasks/post.yml b/tasks/post.yml
index 3f1f706a..724611db 100644
--- a/tasks/post.yml
+++ b/tasks/post.yml
@@ -26,6 +26,19 @@
       - not system_is_container
       - "'procps-ng' in ansible_facts.packages"
 
+- name: POST | Update usr sysctl
+  ansible.builtin.lineinfile:
+      dest: /usr/lib/sysctl.d/50-default.conf
+      regexp: "{{ item.regexp }}"
+      line: "{{ item.line }}"
+  loop:
+      - { regexp: '^net.ipv4.conf.default.rp_filter', line: 'net.ipv4.conf.default.rp_filter = 1' }
+      - { regexp: '^net.ipv4.conf.*.rp_filter', line: 'net.ipv4.conf.*.rp_filter = 1' }
+  when:
+      - rhel9cis_sysctl_update
+      - not system_is_container
+      - "'procps-ng' in ansible_facts.packages"
+
 - name: Flush handlers
   ansible.builtin.meta: flush_handlers