I’m trying to create an IPv6 firewall rule list into a router, and found some strange thing in the input chain:
Input:
/ipv6 firewall address-list add address=2001:db8:4::/48 list="Allowed Management V6"
/ipv6 firewall filter add action=accept chain=input comment="Allow Management From AddressList" dst-port=8291,22 protocol=tcp src-address-list="Allowed Management V6"
This is not working (winbox and SSH timeouts), when accessing from: 2001:db8:4:112:20b1:b29c:59a0:1639.
/ipv6 firewall filter add action=accept chain=input comment="Allow Management From XY" dst-port=8291,22 protocol=tcp src-address=2001:db8:4::/48
This is working, when accessing from the same address, as above.
Forward:
/ipv6 firewall address-list add address=2001:db8:4::/48 list="Allowed Management V6"
/ipv6 firewall filter add action=accept chain=forward comment="ALLOW From AddressList" src-address-list="Allowed Management V6"
Applying this rules, I can access devices behind the router, so in the forward chain the AddressList is working.
What do I miss to configure in the input chain?
PS: Yes I know those are not real IPv6 adresses, I used them for privacy 