Marco Moock <[email protected]> writes:

> On 04.03.2026 at 14:20, Anssi Saari wrote:

>> Turns out I apparently need to allow DHCPv6 explicitly in the firewall
>> at least on Debian 12? The stateful stuff in nftables doesn't seem to
>> cover DHCPv6 and in fact, I've done the same earlier on my router to
>> my ISP and the router is also running Debian 12.
>
> Enable firewall logging and look for rejections.
>
> Also use Wireshark and check if the router advertisement includes the M
> flag (otherwise clients will not try to contact it)

Thanks, but this was solved via the mentioned firewall change. And no,
apparently there's no support for DHCPv6 in kernel-level connection
tracking; in practice DHCPv6 connection tracking would need userspace
support via conntrackd, which seems fairly complicated, so I don't think
I'm going to bother with it.

Maybe as a comment to the question on the subject, if there's an easy
way in IPv6 to provide DNS to local host names, I guess the simplest
way would be SLAAC and just use EUI-64 addresses. Adding privacy
extensions to that limits MAC address leakage.
