---
- name: Add disable sysctl values
  sysctl:
    name: "{{ item }}"
    value: "0"
    state: present
    sysctl_file: /etc/sysctl.d/00-cis-rules
  loop:
    - net.ipv4.conf.all.accept_redirects
    - net.ipv4.conf.default.accept_redirects
    - net.ipv6.conf.all.accept_redirects
    - net.ipv6.conf.default.accept_redirects
    - net.ipv4.conf.all.secure_redirects
    - net.ipv4.conf.default.secure_redirects
    - net.ipv4.conf.all.send_redirects
    - net.ipv4.conf.default.send_redirects
    - net.ipv4.conf.all.accept_source_route
    - net.ipv4.conf.default.accept_source_route
    - net.ipv6.conf.all.accept_source_route
    - net.ipv6.conf.default.accept_source_route
    - fs.suid_dumpable
- name: Add enable sysctl values
  sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
    sysctl_file: /etc/sysctl.d/00-cis-rules
  loop:
    - net.ipv4.conf.all.log_martians
    - net.ipv4.conf.default.log_martians
    - net.ipv4.conf.default.rp_filter