# Not working: root@reinder:~# cat /etc/sysctl.d/am-no-ipv6.conf net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.all.autoconf=0 net.ipv6.conf.default.accept_ra=0 net.ipv6.conf.default.autoconf=0 #net.ipv6.conf.ens18.accept_ra=0 #net.ipv6.conf.ens19.accept_ra=0root@reinder:~# ip a s dev ens18|grep kernel_ra|sed 's#[0-9]*:*:*:*:*:#xx:xx:xx:xx:xx:#' inet6 xx:xx:xx:xx:xx:7b8:627:2:be24:11ff:febe:1b7/64 scope global dynamic mngtmpaddr proto kernel_ra
root@reinder:~# # Working: root@reinder:~# cat /etc/sysctl.d/am-no-ipv6.conf net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.all.autoconf=0 net.ipv6.conf.default.accept_ra=0 net.ipv6.conf.default.autoconf=0 net.ipv6.conf.ens18.accept_ra=0 net.ipv6.conf.ens19.accept_ra=0root@reinder:~# ip a s dev ens18|grep kernel_ra|sed 's#[0-9]*:*:*:*:*:#xx:xx:xx:xx:xx:#'
root@reinder:~#Also not working if I force it on the kernel cmdline, so not a race as Andy suggested I think?! Something must be ignoring the default/all setting or forcing it back on.
This is latest Debian Trixie btw.root@reinder:~# ip a s dev ens18|grep kernel_ra|sed 's#[0-9]*:*:*:*:*:#xx:xx:xx:xx:xx:#' inet6 xx:xx:xx:xx:xx:7b8:627:2:be24:11ff:febe:1b7/64 scope global dynamic mngtmpaddr proto kernel_ra
root@reinder:~# grep accept_ra /proc/cmdlineBOOT_IMAGE=/boot/vmlinuz-6.12.57+deb13-amd64 root=UUID=0f24c174-2023-4844-9f8c-0b9f55d5881c ro net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0 quiet
root@reinder:~# sysctl -a |grep net.ipv6.conf.*accept_ra net.ipv6.conf.all.accept_ra = 0 net.ipv6.conf.all.accept_ra_defrtr = 1 net.ipv6.conf.all.accept_ra_from_local = 0 net.ipv6.conf.all.accept_ra_min_hop_limit = 1 net.ipv6.conf.all.accept_ra_min_lft = 0 net.ipv6.conf.all.accept_ra_mtu = 1 net.ipv6.conf.all.accept_ra_pinfo = 1 net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.all.accept_ra_rt_info_min_plen = 0 net.ipv6.conf.all.accept_ra_rtr_pref = 1 net.ipv6.conf.default.accept_ra = 0 net.ipv6.conf.default.accept_ra_defrtr = 1 net.ipv6.conf.default.accept_ra_from_local = 0 net.ipv6.conf.default.accept_ra_min_hop_limit = 1 net.ipv6.conf.default.accept_ra_min_lft = 0 net.ipv6.conf.default.accept_ra_mtu = 1 net.ipv6.conf.default.accept_ra_pinfo = 1 net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.default.accept_ra_rt_info_min_plen = 0 net.ipv6.conf.default.accept_ra_rtr_pref = 1 net.ipv6.conf.ens18.accept_ra = 1 net.ipv6.conf.ens18.accept_ra_defrtr = 1 net.ipv6.conf.ens18.accept_ra_from_local = 0 net.ipv6.conf.ens18.accept_ra_min_hop_limit = 1 net.ipv6.conf.ens18.accept_ra_min_lft = 0 net.ipv6.conf.ens18.accept_ra_mtu = 1 net.ipv6.conf.ens18.accept_ra_pinfo = 1 net.ipv6.conf.ens18.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.ens18.accept_ra_rt_info_min_plen = 0 net.ipv6.conf.ens18.accept_ra_rtr_pref = 1 net.ipv6.conf.ens19.accept_ra = 1 net.ipv6.conf.ens19.accept_ra_defrtr = 1 net.ipv6.conf.ens19.accept_ra_from_local = 0 net.ipv6.conf.ens19.accept_ra_min_hop_limit = 1 net.ipv6.conf.ens19.accept_ra_min_lft = 0 net.ipv6.conf.ens19.accept_ra_mtu = 1 net.ipv6.conf.ens19.accept_ra_pinfo = 1 net.ipv6.conf.ens19.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.ens19.accept_ra_rt_info_min_plen = 0 net.ipv6.conf.ens19.accept_ra_rtr_pref = 1 net.ipv6.conf.lo.accept_ra = 1 net.ipv6.conf.lo.accept_ra_defrtr = 1 net.ipv6.conf.lo.accept_ra_from_local = 0 net.ipv6.conf.lo.accept_ra_min_hop_limit = 1 net.ipv6.conf.lo.accept_ra_min_lft = 0 net.ipv6.conf.lo.accept_ra_mtu = 1 net.ipv6.conf.lo.accept_ra_pinfo = 1 net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.lo.accept_ra_rt_info_min_plen = 0 net.ipv6.conf.lo.accept_ra_rtr_pref = 1 root@reinder:~# On 2026-01-11 07:22, Marco Moock wrote:
On 10.01.2026 17:40 Uhr Reinder wrote:When trying to disable automatic binding of a (wrongly) advertised ipv6 IP I got stuck and only got it to work with the bottom two lines below in my /etc/sysctl.d/am-no-ipv6.conf:The right way is to fix that issue instead of changing every device.root@reinder:~# cat /etc/sysctl.d/am-no-ipv6.conf net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.all.autoconf=0 net.ipv6.conf.default.accept_ra=0 net.ipv6.conf.default.autoconf=0 net.ipv6.conf.ens18.accept_ra=0 net.ipv6.conf.ens19.accept_ra=0 root@reinder:~# This is, to me, unexpected, even unwanted behavior? I would expect disabling default and all to work and prevent ipv6 routing and perhaps need of firewalling?!The first question is the current state, so check if your values are applied with sysctl -a. Routing is handled different, the settings you mentioned disable the SLAAC address generation and the insertion of the routes (default and for each advertised prefix) from the RA. It doesn't disable IPv6 routing at all and it is entirely unrelated about firewalling. You should definitely fix the real problems instead of tinkering around here.What I also tried before and still have access but does not prevent an ipv6 from binding:There are other ways of IPv6 addressing, like link-local.root@reinder:~# tail -7 /etc/dhcpcd.conf ## only ipv4 ipv4only ipv6ra_noautoconf nodhcp6 noipv6 noipv6rs noipv4ll root@reinder:~#Do you really use dhcpcd or do you use the NetworkManager?