From d18d1ffd4f1a902b8dc555bbc7fe25e471920780 Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel <niyawe@niyawe.de>
Date: Sun, 2 Jul 2017 15:05:58 +0200
Subject: [PATCH] enable ipv6 routing

---
 roles/configure_sysctl/files/ff.conf | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/roles/configure_sysctl/files/ff.conf b/roles/configure_sysctl/files/ff.conf
index edd39b2..a80a925 100644
--- a/roles/configure_sysctl/files/ff.conf
+++ b/roles/configure_sysctl/files/ff.conf
@@ -1,10 +1,21 @@
 net.ipv4.ip_forward=1
-#net.ipv6.conf.all.forwarding=1
+
+net.ipv6.conf.all.forwarding=1
+
+net.ipv6.conf.all.autoconf = 0
+net.ipv6.conf.default.autoconf = 0
+
+net.ipv6.conf.all.accept_ra = 0
+net.ipv6.conf.default.accept_ra = 0
+
 net.ipv6.neigh.default.gc_thresh3=4096
 net.ipv6.neigh.default.gc_thresh2=2048
 net.ipv6.neigh.default.gc_thresh1=1024
 net.ipv6.neigh.default.gc_interval=3600
 net.ipv6.neigh.default.gc_stale_time=3600
 
+# decrease nf_conntrack_tcp_timeout_established - default=432000
+net.netfilter.nf_conntrack_tcp_timeout_established=86400
+
 # reboot after kernel panic
 kernel.panic=1