IPv6: problem with adresses on all interfaces without the UI possibility to disable

I have several TrueNAS SCALE hosts, which are running VMs on bridges which run ontop of VLANs on bonded interfaces. This all works fine in ervery aspect but IPv6 address assignment.
Per default every inteface, even veth interfaces get at least an IPv6 LL (link local) address, even if you never configure IPv6 on these. When there are RAs (router advertisements) they even do SLAAC and acquire GUA or ULA addresses.
This is a massive security hole, as a VM running inside the corresponding bridged VLAN also can reach the LL address.
This also applies to any other host without VMs, as filesharing and MGMT access is also possible over these addresses.
But currently there is no GUI way to control IPv6 in a meaningful manner.

My workaround now is to configure the following sysctls:
“net.ipv6.conf.br1.disable_ipv6” with a value of “0” (wherein br1 can be your MGMT interface or any other as needed)
and
“net.ipv6.conf.default.disable_ipv6” with a value of “1”.
This essentially disables IPv6 per default but on the interfaces you want to have an address on.
But this is kind of hacky and ist easily broken by just renaming the interfaces.

Is there or will there be any other way, to control/configure this?

See this recent thread where I raised the same and even created a bug ticket for it, alas it was rejected. Maybe lend your support there.

Good workaround you found by the way albeit hacky as you say (and shouldn’t be needed of course).

Thank you for making me aware of that and happy to be of help with my workaround.