Skip to content

Instantly share code, notes, and snippets.

@rikka0w0

rikka0w0/pve_disable_ipv6_per_vmbr.md

Created July 2, 2024 03:39
Show Gist options
  • Save rikka0w0/ef091fc618b9d2c93ef8541df61a3ddb to your computer and use it in GitHub Desktop.
Save rikka0w0/ef091fc618b9d2c93ef8541df61a3ddb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
pve_disable_ipv6_per_vmbr.md

I'm running an OpenWrt as a VM on a PVE hypervisor. The vmbr0 interface is used as private LAN and the vmbr1 is for the public WAN.

I noticed that vmbr1 got an IPv6 via SLAAC, and the admin web console was accessible on the public Internet. This is a safety threat and must be resolved. The solution is to remove the unwanted IPv6.

Method 1 - Disable IPv6 on a per-interface base

Run the following command to append to /etc/sysctl.conf, then reboot. echo 'net.ipv6.conf.vmbr1.disable_ipv6 = 1' >> /etc/sysctl.conf

Method 2 - Disable SLAAC on a per-interface base

Append the following text to /etc/network/interfaces

iface vmbr1 inet6 static
       autoconf 0
       accept_ra 0
       addr_gen_mode 1

References

  1. https://serverfault.com/questions/263976/is-there-a-way-to-disable-ipv6-slaac-on-a-per-interface-basis-in-debian
  2. https://jade.wtf/tech-notes/no-ipv6-proxmox-vmbr/
  3. https://forum.proxmox.com/threads/ipv6-address-via-slaac-on-bridge.31808/
  4. https://saudiqbal.github.io/Proxmox/proxmox-IPv6-interface-setup-DHCPv6-or-static.html
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment