Re: net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0 not working?!
On 10.01.2026 17:40 Uhr Reinder wrote:
> When trying to disable automatic binding of a (wrongly) advertised
> ipv6 IP I got stuck and only got it to work with the bottom two lines
> below in my /etc/sysctl.d/am-no-ipv6.conf:
The right way is to fix that issue instead of changing every device.
> root@reinder:~# cat /etc/sysctl.d/am-no-ipv6.conf
> net.ipv6.conf.all.accept_ra=0
> net.ipv6.conf.all.autoconf=0
> net.ipv6.conf.default.accept_ra=0
> net.ipv6.conf.default.autoconf=0
> net.ipv6.conf.ens18.accept_ra=0
> net.ipv6.conf.ens19.accept_ra=0
> root@reinder:~#
>
> This is, to me, unexpected, even unwanted behavior?
> I would expect disabling default and all to work and prevent ipv6
> routing and perhaps need of firewalling?!
The first question is the current state, so check if your values are
applied with sysctl -a.
Routing is handled different, the settings you mentioned disable the
SLAAC address generation and the insertion of the routes (default and
for each advertised prefix) from the RA. It doesn't disable IPv6
routing at all and it is entirely unrelated about firewalling.
You should definitely fix the real problems instead of tinkering around
here.
> What I also tried before and still have access but does not prevent
> an ipv6 from binding:
There are other ways of IPv6 addressing, like link-local.
> root@reinder:~# tail -7 /etc/dhcpcd.conf
> ## only ipv4
> ipv4only
> ipv6ra_noautoconf
> nodhcp6
> noipv6
> noipv6rs
> noipv4ll
> root@reinder:~#
Do you really use dhcpcd or do you use the NetworkManager?
--
kind regards
Marco
Send spam to 1768063201muell@stinkedores.dorfdsl.de
Reply to: