diff --git a/0031-net-fix-ipv6_dhcpv6_stateful-stateless-slaac-configu.patch b/0031-net-fix-ipv6_dhcpv6_stateful-stateless-slaac-configu.patch
new file mode 100644
index 0000000..e09edbe
--- /dev/null
+++ b/0031-net-fix-ipv6_dhcpv6_stateful-stateless-slaac-configu.patch
@@ -0,0 +1,121 @@
+From 53625ea5705ced07738fdb7c23d7f8952a62f2da Mon Sep 17 00:00:00 2001
+From: Ani Sinha <anisinha@redhat.com>
+Date: Thu, 7 Sep 2023 02:36:52 +0530
+Subject: [PATCH] net: fix ipv6_dhcpv6_stateful/stateless/slaac configuration
+ for rhel (#4395)
+
+When network type is ipv6_dhcpv6-stateful/stateless/slaac, cloud-init seems to
+enable dhcp for both ipv4 and ipv6. Network manager prefers dhcp over ipv4 and
+hence dhcp6 is not used to obtain the IP address. This is incorrect.
+For only ipv6_dhcpv6-stateful/stateless/slaac networks, we should set:
+
+ipv4.method = disabled // disables all ipv4 dhcp
+
+For ifcfg files (sysconfig renderer), the corresponding changes should be:
+BOOTPROTO = none // instead of dhcp so that dhcp4 is disabled.
+
+Additionally, for only ipv6_dhcpv6_stateful, we should set:
+ipv6.may-fail = no // dhcp6 must succeed.
+
+which translates to the following ifcfg setting:
+IPV6_FAILURE_FATAL = yes // so that dhcp6 should succeed.
+
+This patch fixes this for rhel. The patch has been tested by Red Hat QE.
+
+RHBZ: 2046491
+fixes: f550c8765ca03d3 ("Adding BOOTPROTO = dhcp to render sysconfig dhcp6 stateful on RHEL (#685)")
+
+Signed-off-by: Ani Sinha <anisinha@redhat.com>
+(cherry picked from commit fd214a1243011275c5dffb92b481c235e4c7a1bf)
+---
+ cloudinit/net/network_manager.py | 9 +++++++++
+ cloudinit/net/sysconfig.py       | 6 +++---
+ tests/unittests/test_net.py      | 9 ++++++++-
+ 3 files changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py
+index 8047f796..7a32691e 100644
+--- a/cloudinit/net/network_manager.py
++++ b/cloudinit/net/network_manager.py
+@@ -105,6 +105,14 @@ class NMConnection:
+         if self.config[family]["method"] == "auto" and method == "manual":
+             return
+ 
++        if (
++            subnet_type == "ipv6_dhcpv6-stateful"
++            or subnet_type == "ipv6_dhcpv6-stateless"
++            or subnet_type == "ipv6_slaac"
++        ):
++            # set ipv4 method to 'disabled' to align with sysconfig renderer.
++            self._set_default("ipv4", "method", "disabled")
++
+         self.config[family]["method"] = method
+         self._set_default(family, "may-fail", "false")
+ 
+@@ -342,6 +350,7 @@ class Renderer(renderer.Renderer):
+ 
+     def __init__(self, config=None):
+         self.connections = {}
++        self.config = config
+ 
+     def get_conn(self, con_id):
+         return self.connections[con_id]
+diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
+index f2c7c92c..af746599 100644
+--- a/cloudinit/net/sysconfig.py
++++ b/cloudinit/net/sysconfig.py
+@@ -436,13 +436,13 @@ class Renderer(renderer.Renderer):
+                         iface_cfg["BOOTPROTO"] = "dhcp6"
+                     iface_cfg["DHCLIENT6_MODE"] = "managed"
+                 # only if rhel AND dhcpv6 stateful
+-                elif (
+-                    flavor == "rhel" and subnet_type == "ipv6_dhcpv6-stateful"
++                elif flavor == "rhel" and (
++                    subnet_type == "ipv6_dhcpv6-stateful"
+                 ):
+-                    iface_cfg["BOOTPROTO"] = "dhcp"
+                     iface_cfg["DHCPV6C"] = True
+                     iface_cfg["IPV6INIT"] = True
+                     iface_cfg["IPV6_AUTOCONF"] = False
++                    iface_cfg["IPV6_FAILURE_FATAL"] = True
+                 else:
+                     iface_cfg["IPV6INIT"] = True
+                     # Configure network settings using DHCPv6
+diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
+index d49da696..e1cd53c2 100644
+--- a/tests/unittests/test_net.py
++++ b/tests/unittests/test_net.py
+@@ -1760,6 +1760,9 @@ NETWORK_CONFIGS = {
+                 method=auto
+                 may-fail=false
+ 
++                [ipv4]
++                method=disabled
++
+                 """
+             ),
+         },
+@@ -1872,6 +1875,9 @@ NETWORK_CONFIGS = {
+                 method=auto
+                 may-fail=false
+ 
++                [ipv4]
++                method=disabled
++
+                 """
+             ),
+         },
+@@ -1920,11 +1926,12 @@ NETWORK_CONFIGS = {
+             "ifcfg-iface0": textwrap.dedent(
+                 """\
+             AUTOCONNECT_PRIORITY=120
+-            BOOTPROTO=dhcp
++            BOOTPROTO=none
+             DEVICE=iface0
+             DHCPV6C=yes
+             IPV6INIT=yes
+             IPV6_AUTOCONF=no
++            IPV6_FAILURE_FATAL=yes
+             IPV6_FORCE_ACCEPT_RA=yes
+             DEVICE=iface0
+             ONBOOT=yes
diff --git a/cloud-init.spec b/cloud-init.spec
index 1a9c25d..05a1d70 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -1,6 +1,6 @@
 Name:           cloud-init
 Version:        23.1.1
-Release:        11%{?dist}
+Release:        12%{?dist}
 Summary:        Cloud instance init scripts
 License:        ASL 2.0 or GPLv3
 URL:            http://launchpad.net/cloud-init
@@ -38,6 +38,7 @@ Patch27: 0027-Handle-non-existent-ca-cert-config-situation-2073.patch
 Patch28: 0028-logging-keep-current-file-mode-of-log-file-if-its-st.patch
 Patch29: 0029-DS-VMware-modify-a-few-log-level-4284.patch
 Patch30: 0030-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch
+Patch31: 0031-net-fix-ipv6_dhcpv6_stateful-stateless-slaac-configu.patch
 
 BuildArch:      noarch
 
@@ -209,16 +210,19 @@ fi
 %postun
 %systemd_postun cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service
 
-if [ -f /etc/ssh/sshd_config.d/50-cloud-init.conf ] ; then
-    echo "/etc/ssh/sshd_config.d/50-cloud-init.conf not removed"
-fi
+if [ $1 -eq 0 ] ; then
+    # warn during package removal not upgrade
+    if [ -f /etc/ssh/sshd_config.d/50-cloud-init.conf ] ; then
+	echo "/etc/ssh/sshd_config.d/50-cloud-init.conf not removed"
+    fi
 
-if [ -f /etc/NetworkManager/conf.d/99-cloud-init.conf ] ; then
-    echo "/etc/NetworkManager/conf.d/99-cloud-init.conf not removed"
-fi
+    if [ -f /etc/NetworkManager/conf.d/99-cloud-init.conf ] ; then
+	echo "/etc/NetworkManager/conf.d/99-cloud-init.conf not removed"
+    fi
 
-if [ -f /etc/NetworkManager/conf.d/30-cloud-init-ip6-addr-gen-mode.conf ] ; then
-    echo "/etc/NetworkManager/conf.d/30-cloud-init-ip6-addr-gen-mode.conf not removed"
+    if [ -f /etc/NetworkManager/conf.d/30-cloud-init-ip6-addr-gen-mode.conf ] ; then
+	echo "/etc/NetworkManager/conf.d/30-cloud-init-ip6-addr-gen-mode.conf not removed"
+    fi
 fi
 
 %files
@@ -258,6 +262,11 @@ fi
 %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
 
 %changelog
+* Fri Sep 15 2023 Camilla Conte <cconte@redhat.com> - 23.1.1-12
+- Resolves: RHEL-2323
+- 0031-net-fix-ipv6_dhcpv6_stateful-stateless-slaac-configu.patch [bz#2227767]
+- Resolves: bz#2227767
+
 * Thu Aug 17 2023 Miroslav Rezanina <mrezanin@redhat.com> - 23.1.1-11
 - Resolves: bz#2232296