Open ipv6 clients to wan

Hello

My Goal: Access an intern LAN device (as example Raspberry) by it’s IPv6 from Outside world, without reverse proxy or redirect. I heard a lot that with IPv6 every device is in the WAN only the firewall is protecting it.
I’m new to this hardware and network stuff.
I found out that i can ping my clients from outside by the ipv6 but i can’t access a website on port 80.

I read a lot about open up a firewall but i can’t manage it to work. What exactly am i missing?
i tried this, and put it inside the Network > Firewall > Custom Rules, and restart the firewall: IPv4 and IPv6 Firewalls

I’ve been using > Traffic Rules in a very simple way. Just WAN-LAN, address, port, TCP, accept.

Are the Rules first win, or last win? Has it to be on top or buttom?

I tried this, ipv6 only, tcp, wan-lan, acceppt and the rest to any. still can’t access my internal ipv6 (starting with 2 so it should be public?).

I haven’t touched order in my case (they’re displayed at the end). IPv6 starting with 2xxx: sounds good.

I would be interested as well as I am not finding how to make this work either.
Actually, more details on how to configure IPv6 with PD but firewalling by the Turris would be welcome.

So it seems I had first misconfigured dhcp options for IPv6 and that when it started to work I did my tests from a server that was not able to do IPv6 (I forgot IPv6 was working with my previous provider but not my current…).
Anyway, long story short a simple rule as described above does work and no other traffic is reaching the lan devices, despite them having public IPv6 address.