diff --git a/internal/app/machined/pkg/controllers/runtime/kernel_param_defaults.go b/internal/app/machined/pkg/controllers/runtime/kernel_param_defaults.go
index c2cfc23d9..58860e2ee 100644
--- a/internal/app/machined/pkg/controllers/runtime/kernel_param_defaults.go
+++ b/internal/app/machined/pkg/controllers/runtime/kernel_param_defaults.go
@@ -6,6 +6,8 @@ package runtime
 
 import (
 "context"
+ "errors"
+ "os"
 
 "github.com/cosi-project/runtime/pkg/controller"
 "github.com/cosi-project/runtime/pkg/resource"
@@ -60,10 +62,6 @@ func (ctrl *KernelParamDefaultsController) Run(ctx context.Context, r controller
 if err := r.Modify(ctx, item, func(res resource.Resource) error {
 res.(*runtime.KernelParamDefaultSpec).TypedSpec().Value = value
 
- if res.Metadata().ID() == "proc.sys.net.ipv6.conf.default.forwarding" {
- res.(*runtime.KernelParamDefaultSpec).TypedSpec().IgnoreErrors = true
- }
-
 return nil
 }); err != nil {
 return err
@@ -95,15 +93,24 @@ func (ctrl *KernelParamDefaultsController) getKernelParams() []*kernel.Param {
 }...)
 }
 
+ // Apply IPv6 defaults only if IPv6 is enabled.
+ // NB: we only prevent the application of these rules if the IPv6 node does not exist.
+ // Other errors should be ignored here so that they bubble up later, where errors can be logged and handled.
+ _, err := os.Stat("/proc/sys/net/ipv6/conf/default/accept_ra")
+ if err == nil || !errors.Is(err, os.ErrNotExist) {
+ res = append(res, []*kernel.Param{
+ {
+ Key: "proc.sys.net.ipv6.conf.default.forwarding",
+ Value: "1",
+ },
+ {
+ Key: "proc.sys.net.ipv6.conf.default.accept_ra",
+ Value: "2",
+ },
+ }...)
+ }
+
 res = append(res, []*kernel.Param{
- {
- Key: "proc.sys.net.ipv6.conf.default.forwarding",
- Value: "1",
- },
- {
- Key: "proc.sys.net.ipv6.conf.default.accept_ra",
- Value: "2",
- },
 // ipvs/conntrack tcp keepalive refresh.
 {
 Key: "proc.sys.net.ipv4.tcp_keepalive_time",
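Review bot: The IPv6 gate added in getKernelParams is a point-in-time `os.Stat`, and when `/proc/sys/net/ipv6/conf/default/accept_ra` is absent both defaults are skipped silently, so a node whose IPv6 sysctl tree appears only after this call (for example if ipv6 were loaded as a module; not determinable from this hunk) would keep the kernel's own forwarding and accept_ra values with nothing logged. Because the earlier hunk in Run also drops the `IgnoreErrors` special case for the forwarding key, this probe is now the only thing deciding whether these two settings are enforced, so the comment should state when getKernelParams is evaluated relative to the sysctl tree being populated, and the skip path would benefit from being observable. The condition can also be shortened, since `errors.Is(nil, os.ErrNotExist)` is already false: `if _, err := os.Stat("/proc/sys/net/ipv6/conf/default/accept_ra"); !errors.Is(err, os.ErrNotExist) {`, which additionally keeps `err` out of the function scope. getKernelParams starts and ends outside the hunk, so whether it is re-run or has a logger available is not visible here.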