I'm running an OpenWrt as a VM on a PVE hypervisor. The vmbr0 interface is used as private LAN and the vmbr1 is for the public WAN.
I noticed that vmbr1 got an IPv6 via SLAAC, and the admin web console was accessible on the public Internet. This is a safety threat and must be resolved. The solution is to remove the unwanted IPv6.
Run the following command to append to /etc/sysctl.conf
, then reboot.
echo 'net.ipv6.conf.vmbr1.disable_ipv6 = 1' >> /etc/sysctl.conf
Append the following text to /etc/network/interfaces
iface vmbr1 inet6 static
autoconf 0
accept_ra 0
addr_gen_mode 1
- https://serverfault.com/questions/263976/is-there-a-way-to-disable-ipv6-slaac-on-a-per-interface-basis-in-debian
- https://jade.wtf/tech-notes/no-ipv6-proxmox-vmbr/
- https://forum.proxmox.com/threads/ipv6-address-via-slaac-on-bridge.31808/
- https://saudiqbal.github.io/Proxmox/proxmox-IPv6-interface-setup-DHCPv6-or-static.html