I have a zone-based firewall:
Chain VZONE_local_IN (1 references)
pkts bytes target prot opt in out source destination
58 6032 RETURN all lo any anywhere anywhere
0 0 ipv6-wan-to-local all eth1 any anywhere anywhere
0 0 RETURN all eth1 any anywhere anywhere
0 0 ipv6-wan-to-local all eth1.832 any anywhere anywhere
0 0 RETURN all eth1.832 any anywhere anywhere
73 23684 DROP all any any anywhere anywhere
Chain VZONE_local_OUT (1 references)
pkts bytes target prot opt in out source destination
58 6032 RETURN all any lo anywhere anywhere
0 0 ipv6-local-to-wan all any eth1 anywhere anywhere
0 0 RETURN all any eth1 anywhere anywhere
127 26564 ipv6-local-to-wan all any eth1.832 anywhere anywhere
127 26564 RETURN all any eth1.832 anywhere anywhere
321 49134 DROP all any any anywhere anywhere
Chain VZONE_wan (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all eth1.832 any anywhere anywhere
0 0 RETURN all eth1 any anywhere anywhere
0 0 DROP all any any anywhere anywhere
Chain ipv6-local-to-wan (2 references)
pkts bytes target prot opt in out source destination
127 26564 RETURN all any any anywhere anywhere /* ipv6-local-to-wan-1 */ state NEW,RELATED,ESTABLISHED
0 0 DROP all any any anywhere anywhere /* ipv6-local-to-wan-2 */ state INVALID
0 0 RETURN all any any anywhere anywhere /* ipv6-local-to-wan-3 */
0 0 LOG all any any anywhere anywhere /* ipv6-local-to-wan-10000 default-action drop */ LOG level warning prefix "[ipv6-local-to-wa-default-D]"
0 0 DROP all any any anywhere anywhere /* ipv6-local-to-wan-10000 default-action drop */
Chain ipv6-wan-to-local (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all any any anywhere anywhere /* ipv6-wan-to-local-1 */ state RELATED,ESTABLISHED
0 0 DROP all any any anywhere anywhere /* ipv6-wan-to-local-2 */ state INVALID
0 0 RETURN ipv6-icmp any any anywhere anywhere /* ipv6-wan-to-local-3 */
0 0 RETURN udp any any anywhere anywhere /* ipv6-wan-to-local-4 */ udp dpt:dhcpv6-client
0 0 LOG all any any anywhere anywhere /* ipv6-wan-to-local-10000 default-action drop */ LOG level warning prefix "[ipv6-wan-to-loca-default-D]"
0 0 DROP all any any anywhere anywhere /* ipv6-wan-to-local-10000 default-action drop */
tcpdump sees the requests go out, but indeed nothing comes back:
root@bdx-val-rt1:~# tcpdump -i eth1.832 -vvvvvv -n ip6
tcpdump: listening on eth1.832, link-type EN10MB (Ethernet), capture size 262144 bytes
10:02:09.005768 IP6 (hlim 1, next-header UDP (17) payload length: 172) fe80::26a4:3cff:fe3c:c159.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=64020e (client-ID hwaddr/time type 1 time 519334976 24a43c3cc159) (IA_PD IAID:1 T1:4294967295 T2:4294967295) (elapsed-time 0) (vendor-class) (user-class) (authentication proto: 0, alg: 0, RDM: mono, RD: 0000 0000 0000 0000 ??) (authentication proto: 0, alg: 0, RDM: mono, RD: 0000 0000 0000 0000 ??) (option-request vendor-class user-class authentication))
10:02:10.027988 IP6 (hlim 1, next-header UDP (17) payload length: 172) fe80::26a4:3cff:fe3c:c159.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=64020e (client-ID hwaddr/time type 1 time 519334976 24a43c3cc159) (IA_PD IAID:1 T1:4294967295 T2:4294967295) (elapsed-time 100) (vendor-class) (user-class) (authentication proto: 0, alg: 0, RDM: mono, RD: 0000 0000 0000 0000 ??) (authentication proto: 0, alg: 0, RDM: mono, RD: 0000 0000 0000 0000 ??) (option-request vendor-class user-class authentication))
10:02:12.063921 IP6 (hlim 1, next-header UDP (17) payload length: 172) fe80::26a4:3cff:fe3c:c159.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=64020e (client-ID hwaddr/time type 1 time 519334976 24a43c3cc159) (IA_PD IAID:1 T1:4294967295 T2:4294967295) (elapsed-time 300) (vendor-class) (user-class) (authentication proto: 0, alg: 0, RDM: mono, RD: 0000 0000 0000 0000 ??) (authentication proto: 0, alg: 0, RDM: mono, RD: 0000 0000 0000 0000 ??) (option-request vendor-class user-class authentication))
10:02:16.109815 IP6 (hlim 1, next-header UDP (17) payload length: 172) fe80::26a4:3cff:fe3c:c159.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=64020e (client-ID hwaddr/time type 1 time 519334976 24a43c3cc159) (IA_PD IAID:1 T1:4294967295 T2:4294967295) (elapsed-time 700) (vendor-class) (user-class) (authentication proto: 0, alg: 0, RDM: mono, RD: 0000 0000 0000 0000 ??) (authentication proto: 0, alg: 0, RDM: mono, RD: 0000 0000 0000 0000 ??) (option-request vendor-class user-class authentication))
I don't see anything in the firewall logs about DHCPv6 packets being dropped.
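
Added example, not part of the original post: a Python check that reads a `-L -v` style listing like the one above and reports every DROP rule that has matched packets but has no LOG rule directly before it in the same chain, which is why such drops leave no trace in the firewall log. The function name `unlogged_drops` and the embedded excerpt are this example's own; the counters in the excerpt are copied from the listing in the post.

```python
import re

# Excerpt of the chain listing shown in the post above (two chains only).
LISTING = """\
Chain VZONE_local_IN (1 references)
pkts bytes target prot opt in out source destination
58 6032 RETURN all lo any anywhere anywhere
0 0 ipv6-wan-to-local all eth1.832 any anywhere anywhere
0 0 RETURN all eth1.832 any anywhere anywhere
73 23684 DROP all any any anywhere anywhere
Chain ipv6-wan-to-local (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp any any anywhere anywhere /* ipv6-wan-to-local-4 */ udp dpt:dhcpv6-client
0 0 LOG all any any anywhere anywhere /* ipv6-wan-to-local-10000 default-action drop */ LOG level warning prefix "[ipv6-wan-to-loca-default-D]"
0 0 DROP all any any anywhere anywhere /* ipv6-wan-to-local-10000 default-action drop */
"""

# Without -x, iptables abbreviates large counters with K/M/G suffixes.
UNITS = {"": 1, "K": 1000, "M": 1000**2, "G": 1000**3}
# A rule line starts with: <pkts> <bytes> <target>
RULE = re.compile(r"^\s*(\d+)([KMG]?)\s+\d+[KMG]?\s+(\S+)")


def unlogged_drops(listing):
    """Return (chain, packets) for each DROP rule that has matched packets
    and is not directly preceded by a LOG rule in the same chain."""
    findings, chain, previous = [], None, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain, previous = line.split()[1], None
            continue
        m = RULE.match(line)
        if not m:  # column header or blank line
            continue
        packets = int(m.group(1)) * UNITS[m.group(2)]
        target = m.group(3)
        if target == "DROP" and packets > 0 and previous != "LOG":
            findings.append((chain, packets))
        previous = target
    return findings


if __name__ == "__main__":
    for chain, packets in unlogged_drops(LISTING):
        print(f"{chain}: {packets} packets dropped with no LOG rule before the DROP")
```
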