Refactor IPv6 disable logic and add 'disable' option (#9326)

Replaces previous IPv6 disabling method with a dedicated 'disable' option, storing sysctl settings in /etc/sysctl.d/99-disable-ipv6.conf. Updates build and install scripts to clarify the difference between 'none' (no assignment) and 'disable' (fully disables IPv6), adds user warnings, and disables IPv6 listeners in nginx if present.

Author: MickLesk

misc/alpine-install.func

@@ -13,14 +13,17 @@ load_functions
 verb_ip6() {
   set_std_mode # Set STD mode based on VERBOSE
 
-  if [ "$IPV6_METHOD" == "none" ] || [ "$DISABLEIPV6" == "yes" ]; then
-    msg_info "Disabling IPv6"
+  if [ "$IPV6_METHOD" == "disable" ]; then
+    msg_info "Disabling IPv6 (this may affect some services)"
     $STD sysctl -w net.ipv6.conf.all.disable_ipv6=1
     $STD sysctl -w net.ipv6.conf.default.disable_ipv6=1
     $STD sysctl -w net.ipv6.conf.lo.disable_ipv6=1
-    echo "net.ipv6.conf.all.disable_ipv6 = 1" >>/etc/sysctl.conf
-    echo "net.ipv6.conf.default.disable_ipv6 = 1" >>/etc/sysctl.conf
-    echo "net.ipv6.conf.lo.disable_ipv6 = 1" >>/etc/sysctl.conf
+    mkdir -p /etc/sysctl.d
+    $STD tee /etc/sysctl.d/99-disable-ipv6.conf >/dev/null <<EOF
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
+EOF
     $STD rc-update add sysctl default
     msg_ok "Disabled IPv6"
   fi

misc/build.func

@@ -627,11 +627,12 @@ advanced_settings() {
   # IPv6 Address Management selection
   while true; do
     IPV6_METHOD=$(whiptail --backtitle "Proxmox VE Helper Scripts" --menu \
-      "Select IPv6 Address Management Type:" 15 58 4 \
-      "auto" "SLAAC/AUTO (recommended, default)" \
-      "dhcp" "DHCPv6" \
-      "static" "Static (manual entry)" \
-      "none" "Disabled" \
+      "Select IPv6 Address Management Type:" 16 70 5 \
+      "auto" "SLAAC/AUTO (recommended) - Dynamic IPv6 from network" \
+      "dhcp" "DHCPv6 - DHCP-assigned IPv6 address" \
+      "static" "Static - Manual IPv6 address configuration" \
+      "none" "None - No IPv6 assignment (most containers)" \
+      "disable" "Fully Disabled - (breaks some services)" \
       --default-item "auto" 3>&1 1>&2 2>&3)
     [ $? -ne 0 ] && exit_script
 
@@ -680,7 +681,15 @@ advanced_settings() {
       break
       ;;
     none)
-      echo -e "${NETWORK}${BOLD}${DGN}IPv6: ${BGN}Disabled${CL}"
+      echo -e "${NETWORK}${BOLD}${DGN}IPv6: ${BGN}None${CL}"
+      IPV6_ADDR="none"
+      IPV6_GATE=""
+      break
+      ;;
+    disable)
+      whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox \
+        "⚠️  WARNING - FULLY DISABLE IPv6:\n\nThis will completely disable IPv6 inside the container via sysctl.\n\nSide Effects:\n  • Services requiring IPv6 will fail\n  • Localhost IPv6 (::1) will not work\n  • Some applications may not start\n\nOnly use if you have a specific reason to completely disable IPv6.\n\nFor most use cases, select 'None' instead." 14 70
+      echo -e "${NETWORK}${BOLD}${DGN}IPv6: ${BGN}Fully Disabled (IPv6 disabled via sysctl)${CL}"
       IPV6_ADDR="none"
       IPV6_GATE=""
       break

misc/install.func

@@ -15,12 +15,16 @@ load_functions
 verb_ip6() {
   set_std_mode # Set STD mode based on VERBOSE
 
-  if [ "$IPV6_METHOD" == "none" ] || [ "$DISABLEIPV6" == "yes" ]; then
-    msg_info "Disabling IPv6"
-    $STD echo "net.ipv6.conf.all.disable_ipv6 = 1" >>/etc/sysctl.conf
-    $STD echo "net.ipv6.conf.default.disable_ipv6 = 1" >>/etc/sysctl.conf
-    $STD echo "net.ipv6.conf.lo.disable_ipv6 = 1" >>/etc/sysctl.conf
-    $STD sysctl -p
+  if [ "$IPV6_METHOD" == "disable" ]; then
+    msg_info "Disabling IPv6 (this may affect some services)"
+    mkdir -p /etc/sysctl.d
+    $STD tee /etc/sysctl.d/99-disable-ipv6.conf >/dev/null <<EOF
+# Disable IPv6 (set by community-scripts)
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
+EOF
+    $STD sysctl -p /etc/sysctl.d/99-disable-ipv6.conf
     msg_ok "Disabled IPv6"
   fi
 }