I'm running an OpenWrt as a VM on a PVE hypervisor. The vmbr0 interface is used as private LAN and the vmbr1 is for the public WAN.
I noticed that vmbr1 got an IPv6 via SLAAC, and the admin web console was accessible on the public Internet. This is a safety threat and must be resolved. The solution is to remove the unwanted IPv6.
Run the following command to append to /etc/sysctl.conf
, then reboot.
echo 'net.ipv6.conf.vmbr1.disable_ipv6 = 1' >> /etc/sysctl.conf