diff --git a/defaults/main.yml b/defaults/main.yml
index f88df0d9..132c03dd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -58,6 +58,11 @@ lxc_net_dhcp_config: ''
 lxc_net_dnsmasq_user: lxc-dnsmasq
 lxc_net_domain: ''
 
+# lxc network ipv6 settings
+lxc_net6_address: null ## ie. fd05:ffb8:32b4:1212::1
+lxc_net6_netmask: null ## ie. 64
+lxc_net6_nat: false
+
 # lxc_container_net_link variable should be set to the lxc-net bridge.
 lxc_container_net_link: "{{ lxc_net_bridge }}" ## name of the host bridge to attach to
 lxc_container_net_type: veth ## lxc network interface type (veth, phys, vlan, macvlan, empty)
diff --git a/releasenotes/notes/lxc-net-ipv6-255787db5db6fc75.yaml b/releasenotes/notes/lxc-net-ipv6-255787db5db6fc75.yaml
new file mode 100644
index 00000000..7a6bf560
--- /dev/null
+++ b/releasenotes/notes/lxc-net-ipv6-255787db5db6fc75.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - IPv6 support has been added for the LXC bridge network. This can be
+ configured using ``lxc_net6_address``, ``lxc_net6_netmask``, and
+ ``lxc_net6_nat``.
diff --git a/templates/lxc-system-manage.j2 b/templates/lxc-system-manage.j2
index 3fd9d175..7cac4c17 100644
--- a/templates/lxc-system-manage.j2
+++ b/templates/lxc-system-manage.j2
@@ -26,6 +26,10 @@ export LXC_NETMASK="{{ lxc_net_netmask }}"
 export LXC_NETWORK="${LXC_ADDR}/${LXC_NETMASK}"
 export LXC_DHCP_RANGE="{{ lxc_net_dhcp_range }}"
 export LXC_DHCP_MAX="{{ lxc_net_dhcp_max }}"
+export LXC_IPV6_ADDR="{{ lxc_net6_address }}"
+export LXC_IPV6_MASK="{{ lxc_net6_netmask }}"
+export LXC_IPV6_NETWORK="${LXC_IPV6_ADDR}/${LXC_IPV6_MASK}"
+export LXC_IPV6_NAT="{{ lxc_net6_nat }}"
 export LXC_DHCP_CONFILE="{{ lxc_net_dhcp_config }}"
 export LXC_DNSMASQ_USER="{{ lxc_net_dnsmasq_user }}"
 export VARRUN="/run/lxc"
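Review bot: `export LXC_IPV6_NAT="{{ lxc_net6_nat }}"` will most likely never satisfy the `[ "$LXC_IPV6_NAT" = "true" ]` tests added in remove_rules and add_rules, because Jinja2 renders a YAML boolean as `True`/`False`. Normalising at render time, `export LXC_IPV6_NAT="{{ lxc_net6_nat | bool | lower }}"`, keeps the shell comparison valid for `true`, `yes` and `True` alike. Separately, `LXC_IPV6_NETWORK` is built around a literal `/`, so it is never empty; with the `null` defaults (which Ansible presumably renders as empty strings) it becomes `/`, so the later `-n "$LXC_IPV6_NETWORK"` tests add nothing and the address and mask checks are the only real guard.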
@@ -72,6 +76,11 @@ function remove_rules {
 --dport 68 \
 -j CHECKSUM \
 --checksum-fill
+
+ if [ "$LXC_IPV6_NAT" = "true" ]; then
+ ip6tables ${USE_IPTABLES_LOCK} -t nat -D POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE
+ fi
+
 success "LXC IPtables rules removed."
 }
 
@@ -80,6 +89,17 @@ function add_rules {
 set -e
 # Set ip_prwarding
 sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1
+ echo 0 > /proc/sys/net/ipv6/conf/${LXC_BRIDGE}/accept_dad || true
+
+ # Configure IPv6 if necessary
+ if [ -n "$LXC_IPV6_ADDR" ] && [ -n "$LXC_IPV6_MASK" ] && [ -n "$LXC_IPV6_NETWORK" ]; then
+ echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+ echo 0 > /proc/sys/net/ipv6/conf/${LXC_BRIDGE}/autoconf
+ ip -6 addr add dev ${LXC_BRIDGE} ${LXC_IPV6_ADDR}/${LXC_IPV6_MASK}
+ if [ "$LXC_IPV6_NAT" = "true" ]; then
+ ip6tables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE
+ fi
+ fi
 
 # Add rules to the INPUT chain
 iptables ${USE_IPTABLES_LOCK} -I INPUT -i "${LXC_BRIDGE}" -p udp --dport 67 -j ACCEPT
@@ -141,6 +161,13 @@ function pre_up {
 function start_dnsmasq {
 set -e
 info "Starting LXC dnsmasq."
+
+ # Configure IPv6 if necessary
+ LXC_IPV6_ARG=""
+ if [ -n "$LXC_IPV6_ADDR" ] && [ -n "$LXC_IPV6_MASK" ] && [ -n "$LXC_IPV6_NETWORK" ]; then
+ LXC_IPV6_ARG="--dhcp-range=${LXC_IPV6_ADDR},ra-only --listen-address ${LXC_IPV6_ADDR}"
+ fi
+
 dnsmasq "${LXC_DOMAIN_ARG}" --user="${LXC_DNSMASQ_USER}" \
 --pid-file="${VARRUN}/dnsmasq.pid" \
 --conf-file="${LXC_DHCP_CONFILE}" \
@@ -153,7 +180,7 @@ function start_dnsmasq {
 --dhcp-no-override \
 --strict-order \
 --bind-interfaces \
- --dhcp-authoritative
+ --dhcp-authoritative $LXC_IPV6_ARG
 success "dnsmasq started."
 }
 
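Review bot: The `ip6tables ... -D POSTROUTING` call in remove_rules is gated only on `LXC_IPV6_NAT`, whereas add_rules creates the rule only when the address and mask are also set, so with NAT enabled and no address this runs with `-s /` and fails. Reusing the same guard, `if [ -n "$LXC_IPV6_ADDR" ] && [ -n "$LXC_IPV6_MASK" ] && [ "$LXC_IPV6_NAT" = "true" ]; then`, and quoting `"${LXC_IPV6_NETWORK}"` would make the two paths agree. Nothing in this hunk removes the bridge's IPv6 address or restores the `forwarding` setting that add_rules changes; if teardown is meant to be symmetric, that belongs here too. The function starts outside the hunk, so whether a failed delete aborts it cannot be seen from here.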
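Review bot: The new `ip6tables` line in add_rules passes `$use_iptables_lock`, while every other call visible in this diff uses `${USE_IPTABLES_LOCK}`; unless a lowercase variable is defined outside the hunk it expands to nothing and the IPv6 rule is inserted without the lock option, so it should read `ip6tables ${USE_IPTABLES_LOCK} -t nat -A POSTROUTING ...`. Writing `1` to `/proc/sys/net/ipv6/conf/all/forwarding` makes the host forward IPv6 between all of its interfaces, and the hunk adds no ip6tables FORWARD filtering, so a comment stating that the host firewall must restrict forwarded IPv6 traffic would help operators. Under the `set -e` shown at the top of the function, `ip -6 addr add` fails when the address is already present, so a second invocation would abort before the IPv4 rules are added; `ip -6 addr replace` or an explicit existence check avoids that. The function continues past the hunk.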
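Review bot: `LXC_IPV6_ARG` holds two options in one string and the last hunk expands it unquoted as `--dhcp-authoritative $LXC_IPV6_ARG`, so the dnsmasq command line depends on word splitting of a template-supplied value. A bash array keeps each argument intact: `LXC_IPV6_ARGS=()`, then `LXC_IPV6_ARGS=(--dhcp-range="${LXC_IPV6_ADDR},ra-only" --listen-address "${LXC_IPV6_ADDR}")` inside the `if`, and `--dhcp-authoritative "${LXC_IPV6_ARGS[@]}"` at the call. The guard also tests `LXC_IPV6_MASK`, but the mask is never passed to dnsmasq, which as far as I know assumes a /64 for an IPv6 `--dhcp-range` given without a prefix length; a comment saying that the router-advertisement range expects a 64-bit mask would prevent surprises.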