Why isn't my IPv6 DHCP connecting when using nftables?

Configured nftables for IPv6; DHCP Advertise is missing. Firewall snippet:

table ipv6chain {
  chain inbound { type filter hook input priority 10; policy drop; udp dport 546 accept; }
}

Could my configuration be at fault?

This situation reminds me of a similar issue I resolved recently. The main point is that the chain handling for DHCPv6 may require a slightly different configuration compared to IPv4. In my experience, ensuring that both the specific port and the associated inbound/outbound traffic are handled correctly is key. You might want to examine if additional helper or connection tracking support is needed for DHCPv6 packets. A detailed packet capture often helps in identifying whether the DHCP offer or request is blocked by the firewall rules.

hey, check if you need to add a rule for ESTABLISHED connections. ipv6 dhcp can be picky about connection tracking. it helped me fix similar issues

hey, i’ve been mullin over this issue and wonder if the rule order or maybe missing module like ipv6 conntrack might be causin some hiccups. i had a similar problem where even though i was allowin udp dport 546, the reply packets weren’t bein tracked correctly, so it turned out that a specific conntrack helper needed to be loaded. also, sometimes a drop policy that is too greedy might block some of the expected dhcpv6 handshakes. have you tried addin some logging to see where the packets are gettin dropped? maybe the stateful connection feature could help here. what are your thoughts on this? any more details about what the logs show?
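
The checks suggested in the replies above (an established-state rule, logging before the drop) can be combined into one ruleset. This is an added example, not a configuration posted by anyone in the thread. The table name `filter`, the log prefix, and the assumption that the DHCPv6 server or relay is on-link and answers from a link-local address are illustrative.

```nftables
# Constructed example ruleset for a DHCPv6 client behind a default-drop input chain.
# The family must be given as ip6: a table declared without a family
# (e.g. "table ipv6chain { ... }") is created in the ip (IPv4) family
# and never sees IPv6 packets.
table ip6 filter {
  chain inbound {
    type filter hook input priority 10; policy drop;

    # Loopback traffic.
    iif "lo" accept

    # Replies to flows this host opened with unicast peers.
    ct state established,related accept

    # Neighbor discovery and router advertisements. With policy drop these
    # must be accepted explicitly; the router advertisement is what tells
    # the client to use DHCPv6, and neighbor discovery is needed to reach
    # the server at all.
    icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

    # DHCPv6 Advertise/Reply to the client port (UDP 546).
    # The client's Solicit goes to the multicast group ff02::1:2, while the
    # answer comes from the server's own unicast address, so conntrack does
    # not match it as "established" and an explicit rule is required.
    # Assumption: the server or relay replies from a link-local address.
    ip6 saddr fe80::/10 udp dport 546 accept

    # Rate-limited log of whatever is about to hit the drop policy, so a
    # missing Advertise shows up in the kernel log instead of vanishing.
    limit rate 10/minute log prefix "ip6-inbound-drop: "
  }
}
```

After loading it with `nft -f`, `nft list ruleset` shows which family each table ended up in, and the kernel log shows any packet that still reaches the drop policy.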