diff --git a/libnetwork/pasta/pasta_linux.go b/libnetwork/pasta/pasta_linux.go
index 2ee6369ef..698748efb 100644
--- a/libnetwork/pasta/pasta_linux.go
+++ b/libnetwork/pasta/pasta_linux.go
@@ -110,13 +110,25 @@ func Setup(opts *SetupOptions) (*SetupResult, error) {
 			return err
 		}
 		for _, addr := range addrs {
-			// make sure to skip localhost and other special addresses
-			if ipnet, ok := addr.(*net.IPNet); ok && ipnet.IP.IsGlobalUnicast() {
-				result.IPAddresses = append(result.IPAddresses, ipnet.IP)
-				if !ipv4 && util.IsIPv4(ipnet.IP) {
+			// make sure to skip loopback and multicast addresses
+			if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() && !ipnet.IP.IsMulticast() {
+				if util.IsIPv4(ipnet.IP) {
+					result.IPAddresses = append(result.IPAddresses, ipnet.IP)
 					ipv4 = true
-				}
-				if !ipv6 && util.IsIPv6(ipnet.IP) {
+				} else if !ipnet.IP.IsLinkLocalUnicast() {
+					// Else must be ipv6, and
+					// also skip link local for ipv6 addresses. First even if you
+					// disable ipv6 support via pasta -4 the kernel will always
+					// assign a link local addresses to the tap interface. So that
+					// alone should not mean ipv6 is supported.
+					// Second ipv6 link local is special in that sense that each
+					// address alone is useless until you also specify the zone
+					// (interface) when trying to connect to it.
+					// Thus adding a ipv6 link local address to IPAddresses should
+					// not be done as podman uses this for the hosts entry. And
+					// given we cannot include the zone here in the net.IP type
+					// we ignore it instead.
+					result.IPAddresses = append(result.IPAddresses, ipnet.IP)
 					ipv6 = true
 				}
 			}