2

Let's say I have an Ubuntu bionic server that I wish to disable IPv6 on. (Important: This is not an XY Problem, please don't guess at what I'm trying to achieve or ask me why I want to do this. I know how great and wonderful IPv6 is, no need to preach to the choir.) One way to do this is to set the following sysctls:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

When sysctl is run manually with the settings above, this disables all IPv6 networking on the host:

# ip -6 a
#

Great, but that doesn't persist through a reboot. The recommended way to make sysctls persist is to put them in /etc/sysctl.conf, or a file in /etc/sysctl.d. I did that, but after a reboot, IPv6 is still there:

# ip -6 addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 <censored>/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 2591985sec preferred_lft 604785sec
    inet6 fe80::250:56ff:feae:c158/64 scope link 
       valid_lft forever preferred_lft forever

And yet, the sysctls appear to be correctly set:

# sysctl net.ipv6.conf.all.disable_ipv6 net.ipv6.conf.default.disable_ipv6 net.ipv6.conf.lo.disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

However, when I set them on the command line, to the same value, suddenly IPv6 is actually disabled:

# sysctl -w net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
# ip -6 addr
# 

So my question, then, is: Why does setting sysctls to specific non-default values in /etc/sysctl.d/ appear to be doing something according to the output of sysctl itself, and yet not actually affecting the kernel's behavior? Is there some subtle difference between setting a sysctl and having it take effect?

I know that sysctl is an interface for /proc/sys but I am seeing the same thing there as well:

# cat /proc/sys/net/ipv6/conf/all/disable_ipv6 
1
# ip -6 a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 <censored>/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 2591945sec preferred_lft 604745sec
    inet6 fe80::250:56ff:feae:c158/64 scope link 
       valid_lft forever preferred_lft forever
# echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
# ip -6 a
#

Also, I have done significant research into this; this question is NOT a dupe of any of these:

eil
  • 163

1 Answer

0

I made a really bad hack to solve this problem on bionic. It is a timing problem, as steeldriver mentioned.

cp -a /lib/systemd/system/systemd-sysctl.service /etc/systemd/system/

In the new file I add Requires=network.target

Create a file /etc/sysctl.d/50-ipv6.conf with content net.ipv6.conf.all.disable_ipv6 = 1. If you use NetworkManager on your server, don't forget to set method=ignore

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=ignore

in your network connection.

I hope I wrote this understandably.

nobody
  • 5,437
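
A post-boot check for the symptom discussed on this page, where the `all` sysctl reads 1 but an interface still carries IPv6 addresses. This is an added example, not code from the question or the answer; the function names, the /proc-root parameter and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the post. Audits whether interfaces contradict
# net.ipv6.conf.all.disable_ipv6=1. The /proc root is a parameter so the
# check can run against a constructed tree; on a real host: ipv6_audit /proc

# Prints "<ifname> sysctl=<value> addrs=<count>" per contradicting interface.
# Returns 0 if consistent, 1 on any contradiction, 2 if `all` is not set to 1.
ipv6_audit() {
    proc=${1:-/proc}
    conf="$proc/sys/net/ipv6/conf"
    all=$(cat "$conf/all/disable_ipv6" 2>/dev/null) || return 2
    [ "$all" = "1" ] || return 2
    bad=0
    for dir in "$conf"/*/; do
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac
        val=$(cat "$dir/disable_ipv6" 2>/dev/null || echo "?")
        # /proc/net/if_inet6 columns: addr ifindex prefixlen scope flags ifname
        addrs=$(awk -v i="$ifname" '$6 == i { n++ } END { print n + 0 }' \
            "$proc/net/if_inet6" 2>/dev/null) || addrs=0
        if [ "$val" != "1" ] || [ "${addrs:-0}" -gt 0 ]; then
            echo "$ifname sysctl=$val addrs=${addrs:-0}"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample tree (hypothetical helper): `all`, `default` and `lo`
# read 1, yet eth0 holds a link-local address. eth0's own value of 0 is an
# assumption made for the sample; the post does not show it.
make_sample_tree() {
    root=$(mktemp -d)
    for i in all default lo eth0; do
        mkdir -p "$root/sys/net/ipv6/conf/$i"
        echo 1 > "$root/sys/net/ipv6/conf/$i/disable_ipv6"
    done
    echo 0 > "$root/sys/net/ipv6/conf/eth0/disable_ipv6"
    mkdir -p "$root/net"
    echo "fe80000000000000025056fffeaec158 02 40 20 80 eth0" > "$root/net/if_inet6"
    echo "$root"
}
```

Run from a late-boot unit or a monitoring job, a non-zero exit shows that the hardening setting did not take effect on every interface, which reading the `all` key alone does not reveal.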