Firewall: strange behaviour of IPv6

I am new to Turris Omnia and tried to work with the firewall.

When I set “Input” to “Reject” for the LAN side and add firewall rules which allow my networks, this works at first.

After about 5 minutes I can neither access the router nor route traffic through it for IPv6.

With IPv4 everything continues to work.

This behaviour is reproducible. I also allow fe80::/10 and ff00::/8, but link-local is also no longer reachable after this time.

What could be the reason for this?

This is because you are blocking ICMPv6 traffic, which is essential for IPv6 functionality, like neighbour discovery protocol, which runs on top of ICMPv6.

If you allow incoming ICMPv6, everything should work. Refer to RFC 4890: Recommendations for Filtering ICMPv6 Messages in Firewalls for further information.

Thank you. This solved the issue immediately.

“Allow-ICMPv6-Input” and “Allow-MLD” are input rules which came from the factory with source interface “wan”.

I changed “wan” to “any” and now it works!
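The misconfiguration resolved in this thread can be checked for mechanically. The following is an added example, not code from the thread or from Turris: it assumes the firewall is configured in OpenWrt's UCI syntax (where "any" is written `*`), and the sample config and the function names are constructed for illustration.

```python
# Added example, not from the thread. SAMPLE is a constructed config using the thread's rule name.
ND_TYPES = {f"{a}-{b}" for a in ("router", "neighbour") for b in ("solicitation", "advertisement")}
ICMP6_PROTOS = {"icmp", "icmpv6", "ipv6-icmp"}
SAMPLE = """
config zone
	option name 'lan'
	option input 'REJECT'
config zone
	option name 'wan'
	option input 'REJECT'
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	option family 'ipv6'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option target 'ACCEPT'
"""

def parse_uci(text):
    """Return [(section_type, {key: [values]})]; space-separated values become list items."""
    sections = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[0] == "config":
            sections.append((parts[1], {}))
        elif len(parts) == 3 and parts[0] in ("option", "list") and sections:
            sections[-1][1].setdefault(parts[1], []).extend(parts[2].strip("'\"").split())
    return sections

def zones_missing_nd(text):
    """Map each zone with a non-ACCEPT input policy to the ND message types no rule admits."""
    sections, report = parse_uci(text), {}
    for kind, zone in sections:
        if kind != "zone" or zone.get("input", ["ACCEPT"]) == ["ACCEPT"]:
            continue  # assumption: zones without an explicit input option are skipped
        name = zone["name"][0]
        allowed = set()
        for k, r in sections:  # input rules only: ACCEPT target, no dest, matching source zone
            if (k == "rule" and r.get("target") == ["ACCEPT"] and "dest" not in r
                    and r.get("src", [""])[0] in (name, "*") and r.get("family") != ["ipv4"]
                    and ICMP6_PROTOS & set(r.get("proto", []))):
                allowed |= set(r.get("icmp_type", ND_TYPES))  # no icmp_type list: all types
        if ND_TYPES - allowed:
            report[name] = ND_TYPES - allowed
    return report
```

On the sample, `zones_missing_nd(SAMPLE)` reports `lan` as missing all four Neighbour Discovery types, and the report is empty once the rule's `src` is changed from `wan` to `*`.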