I propose changing "from fe80::/10" (and the recently added to ff02::1:2) to "from any", "to any".
There was recently an issue where an ISP was sending DHCPv6 PD advertisements from a global address, and the dhcpcd maintainer weighed in here: https://github.com/NetworkConfiguration/dhcpcd/issues/170#issuecomment-1387318448 $ cvs diff -u ports/net/dhcpcd/pkg/README Index: ports/net/dhcpcd/pkg/README =================================================================== RCS file: /cvs/ports/net/dhcpcd/pkg/README,v retrieving revision 1.13 diff -u -r1.13 README --- ports/net/dhcpcd/pkg/README 8 Jan 2023 10:01:02 -0000 1.13 +++ ports/net/dhcpcd/pkg/README 18 Jan 2023 16:29:23 -0000 @@ -14,8 +14,8 @@ Also ensure that pf.conf(5) allows DHCPv6 traffic to pass, for example: - pass in quick on pppoe0 proto udp from fe80::/10 port dhcpv6-server to fe80::/10 port dhcpv6-client - pass out quick on pppoe0 proto udp from fe80::/10 port dhcpv6-client to ff02::1:2 port dhcpv6-server + pass in quick on pppoe0 proto udp from any port dhcpv6-server to fe80::/10 port dhcpv6-client + pass out quick on pppoe0 proto udp from fe80::/10 port dhcpv6-client to any port dhcpv6-server As usual with IPv6, you will also need to allow address resolution (with IPv6 this is done "in band" using icmp6 packets which must be allowed
