From c85e9ba43f3069dd2868c103c78fc8fae15328b9 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 30 Mar 2022 11:36:36 +0100
Subject: [PATCH] updated ipv6 rules
Signed-off-by: Mark Bolwell
---
 tasks/section_3/cis_3.1.x.yml | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/tasks/section_3/cis_3.1.x.yml b/tasks/section_3/cis_3.1.x.yml
index dbc3507..241ec20 100644
--- a/tasks/section_3/cis_3.1.x.yml
+++ b/tasks/section_3/cis_3.1.x.yml
@@ -3,15 +3,11 @@
 # The CIS Control wants IPv6 disabled if not in use.
 # We are using the rhel9cis_ipv6_required to specify if you have IPv6 in use
 - name: "3.1.1 | PATCH | Verify if IPv6 is enabled on the system"
- sysctl:
- name: "{{ item }}"
- value: '1'
- state: present
- reload: yes
- with_items:
- - net.ipv6.conf.all.disable_ipv6
- - net.ipv6.conf.default.disable_ipv6
- - net.ipv6.conf.lo.disable_ipv6
+ debug:
+ msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/99-sysctl.conf"
+ notify:
+ - update sysctl
+ - sysctl flush ipv6 route table
 when:
 - not rhel9cis_ipv6_required
 - rhel9cis_rule_3_1_1
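Review bot: The new `debug` task for 3.1.1 carries `notify:`, but `debug` never reports `changed`, so as far as this hunk shows the `update sysctl` and `sysctl flush ipv6 route table` handlers are never queued. IPv6 would then stay enabled while the play output says the control is being set. Adding `changed_when: true` to the task would make the notification fire; the task body continues past the hunk, so confirm it is not already set below the `when:` list. The removed `sysctl` loop set `net.ipv6.conf.all.disable_ipv6`, `net.ipv6.conf.default.disable_ipv6` and `net.ipv6.conf.lo.disable_ipv6` explicitly. The handler and whatever it writes to `/etc/sysctl.d/99-sysctl.conf` are not visible here, so it is worth checking that all three keys are still written when `rhel9cis_ipv6_required` is false.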