From 6b1a9ee9134c07c2ed2eae7515765bcb9e88d8e2 Mon Sep 17 00:00:00 2001
From: Mohammad Issa
Date: Tue, 28 Jan 2025 17:48:35 +0000
Subject: [PATCH] Network Configuration updates Pt.1
Fix the following CIS Benchmark network configurations:
- 3.3.7 Ensure Reverse Path Filtering is enabled
Testing:
- Build successful
- SX and DX deployment successful
- Run CIS Tenable-IO scan with no errors
Story: 2011210
Task: 51626
Change-Id: I6d338c340d653cf51dcaa983f2cea32f8f02d2d5
Signed-off-by: Mohammad Issa
---
 .../roles/common/bringup-kubemaster/tasks/main.yml | 2 --
 .../kubernetes/tasks/configure-networking.yml | 7 -------
 2 files changed, 9 deletions(-)
diff --git a/playbookconfig/src/playbooks/roles/common/bringup-kubemaster/tasks/main.yml b/playbookconfig/src/playbooks/roles/common/bringup-kubemaster/tasks/main.yml
index 5d9a37239..93a60924b 100644
--- a/playbookconfig/src/playbooks/roles/common/bringup-kubemaster/tasks/main.yml
+++ b/playbookconfig/src/playbooks/roles/common/bringup-kubemaster/tasks/main.yml
@@ -34,8 +34,6 @@
 - net.bridge.bridge-nf-call-ip6tables = 1
 - net.bridge.bridge-nf-call-iptables = 1
 - net.ipv4.ip_forward = 1
- - net.ipv4.conf.default.rp_filter = 0
- - net.ipv4.conf.all.rp_filter = 0
 - net.ipv6.conf.all.forwarding = 1
 - name: Update kernel parameters for iptables
diff --git a/playbookconfig/src/playbooks/roles/provision-edgeworker/prepare-edgeworker/kubernetes/tasks/configure-networking.yml b/playbookconfig/src/playbooks/roles/provision-edgeworker/prepare-edgeworker/kubernetes/tasks/configure-networking.yml
index ca7be9360..e112883b4 100644
--- a/playbookconfig/src/playbooks/roles/provision-edgeworker/prepare-edgeworker/kubernetes/tasks/configure-networking.yml
+++ b/playbookconfig/src/playbooks/roles/provision-edgeworker/prepare-edgeworker/kubernetes/tasks/configure-networking.yml
@@ -14,10 +14,3 @@
 value: 1
 sysctl_file: /etc/sysctl.d/99-sysctl.conf
 state: present
-
-- name: Add net.ipv4.conf.tunl0.rp_filter in sysctl for calico
- lineinfile:
- path: /etc/sysctl.conf
- line: net.ipv4.conf.tunl0.rp_filter=0
- state: present
- failed_when: false