From 2b17f3f1683c9e6b77729eabb02fea7bb67102e1 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 8 Apr 2026 12:52:40 +0100
Subject: [PATCH] updated tags on optional

Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.3.x.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tasks/section_4/cis_4.3.x.yml b/tasks/section_4/cis_4.3.x.yml
index 4398df2..21412d3 100644
--- a/tasks/section_4/cis_4.3.x.yml
+++ b/tasks/section_4/cis_4.3.x.yml
@@ -7,7 +7,11 @@
 - rhel9cis_rule_4_3_2
 - rhel9cis_rule_4_3_3
 - rhel9cis_rule_4_3_4
- tags: always
+ tags:
+ - rule_4.3.1
+ - rule_4.3.2
+ - rule_4.3.3
+ - rule_4.3.4
 ansible.builtin.command: "nft add table inet {{ rhel9cis_nft_tables_tablename }}"
 changed_when: true

@@ -210,7 +214,7 @@
 ansible.builtin.command: nft add rule inet "{{ rhel9cis_nft_tables_tablename }}" input iif lo accept
 changed_when: true

- - name: "4.3.4 | PATCH | Ensure nftables loopback traffic is configured | Set ip sddr rule | nftables"
+ - name: "4.3.4 | PATCH | Ensure nftables loopback traffic is configured | Set ip saddr rule | nftables"
 when: '"ip saddr 127.0.0.0/8 counter packets 0 bytes 0 drop" not in discovered_nftables_ipsaddr.stdout'
 ansible.builtin.command: nft add rule inet "{{ rhel9cis_nft_tables_tablename }}" input ip saddr 127.0.0.0/8 counter drop
 changed_when: true
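Review bot: In the first hunk, a run filtered by any tag other than rule_4.3.1 to rule_4.3.4 now skips the `nft add table inet ...` task, because the new list replaces `tags: always` and carries only the four rule tags. If the chain and rule tasks later in this file also carry broader tags (not visible in this hunk), such a run would issue `nft add rule inet ...` against a table that was never created, and the firewall hardening would fail or stay partial. Give this task the same tag set as the tasks that depend on it, and add a comment above the list such as `# Prerequisite for 4.3.1-4.3.4: keep these tags in sync with the tasks that use the table`. The task's name and the start of its `when:` list lie outside the hunk.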
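Review bot: In the second hunk, the `when:` guard under the renamed task only matches while the rule's counters are still zero, because it compares against the literal `counter packets 0 bytes 0 drop`. Once the drop rule has counted a packet, that substring is presumably no longer in `discovered_nftables_ipsaddr.stdout` (how it is gathered is outside the hunk), so each later run would append a duplicate `ip saddr 127.0.0.0/8 counter drop` rule. A counter-independent match avoids this, for example `when: discovered_nftables_ipsaddr.stdout is not search('ip saddr 127\.0\.0\.0/8 counter packets \d+ bytes \d+ drop')`. The task may continue past the end of the hunk.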