Re: net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0 not working?!
On 2026-01-11 09:55, Marco Moock wrote:
On 11.01.2026 09:30 Uhr Reinder wrote:
Something must be ignoring the default/all setting or forcing it back
on.
Are the NetworkManager or systemd-networkd active?
No they are disabled, see below.
root@reinder:~# sysctl -a |grep net.ipv6.conf.*accept_ra
[...]
net.ipv6.conf.ens18.accept_ra = 1
[...]
net.ipv6.conf.ens19.accept_ra = 1
And that means the RA will be accepted and the route installed.
Yes but what can be enabling those when I force all and default off by
kernel command line and sysctl configuration?!
Did you already check why the wrong RA exists?
If not, this is the first task.
I agree this could fix my wrong RA problem, but since I am in an
environment where getting someone else to stop this announcement is a
*pain* I want to just ignore it.
And all obvious ways (to me) to not accept these RA's seem to fail. What
happens if an unknown entity plugs in my network and sends RA's?!
More information:
root@reinder:~# systemctl status systemd-networkd
○ systemd-networkd.service - Network Configuration
Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
disabled; preset: enabled)
Active: inactive (dead)
TriggeredBy: ○ systemd-networkd.socket
Docs: man:systemd-networkd.service(8)
man:org.freedesktop.network1(5)
FD Store: 0 (limit: 512)
root@reinder:~# sysctl -a |grep accept_ra\
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.ens18.accept_ra = 1
net.ipv6.conf.ens19.accept_ra = 1
net.ipv6.conf.lo.accept_ra = 1
root@reinder:~# grep -i accept /etc/systemd/networkd.conf
IPv6AcceptRA=no
[IPv6AcceptRA]
IPv6AcceptRA=no
root@reinder:~# grep accept_ra /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-6.12.57+deb13-amd64
root=UUID=0f24c174-2023-4844-9f8c-0b9f55d5881c ro
net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0 quiet
root@reinder:~# ip a s dev ens18|grep kernel_ra|sed
's#[0-9]*:*:*:*:*:#xx:xx:xx:xx:xx:#'
inet6 xx:xx:xx:xx:xx:7b8:627:2:be24:11ff:febe:1b7/64 scope global
dynamic mngtmpaddr proto kernel_ra
root@reinder:~# dpkg-query -l|grep -i network
ii ifupdown 0.8.44
amd64 high level tools to configure network interfaces
ii iproute2 6.15.0-1
amd64 networking and traffic control tools
ii iputils-ping 3:20240905-3
amd64 Tools to test the reachability of network hosts
ii net-tools 2.10-1.3
amd64 NET-3 networking toolkit
ii netbase 6.5
all Basic TCP/IP networking system
ii traceroute 1:2.1.6-1
amd64 Traces the route taken by packets over an IPv4/IPv6 network
root@reinder:~# grep -r accept_ra /usr/
grep: /usr/lib/systemd/systemd-networkd: binary file matches
grep: /usr/lib/x86_64-linux-gnu/libcrypto.so.3: binary file matches
grep: /usr/bin/openssl: binary file matches
grep: /usr/sbin/dhcpcd: binary file matches
grep: /usr/sbin/ifup: binary file matches
root@reinder:~#
At the moment I am thinking maybe ifup is still doing something? Though
there is no inet6 configuration in /etc/network/interfaces:
root@reinder:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens18
iface ens18 inet dhcp
# The secondary network interface
allow-hotplug ens19
iface ens19 inet dhcp
root@reinder:~# ls -als /etc/network/interfaces.d/*
ls: cannot access '/etc/network/interfaces.d/*': No such file or
directory
root@reinder:~#
Something still must be enabling accept_ra on my ens18 and ens19 unless
it is a kernel issue where default/all doesn't work?
Or am I missing something else?!
Reply to: