Additional Context (AI translation): I apologize for any confusion caused by translation.
Problem:
My network traffic needs to be processed by an internal device’s proxy software before reaching the internet. However, due to the nature of IPv6, I cannot set a gateway and DNS for specific devices as I would with IPv4, which results in traffic using IPv6 addresses instead of URLs directly going to the internet and bypassing the processing.
Why not block IPv6 traffic with a firewall?
Some software, when a device has an IPv6 address, will prefer to use IPv6 to access resources, which causes slower loading times.
Why not disable IPv6 entirely?
Other devices in the network use IPv6 for about half of their traffic, so I do not want to disable it.
Why not use DHCPv6?
Android devices do not support it.
Why not use mangle?
The proxy software uses fake IPs, and applying standard connection marking and routing marking causes slow connections. The behavior of the packets is quite confusing, and I am not a network expert, so I am unable to write perfect rules.
Goal:
Prevent specific devices from obtaining an IPv6 address based on their MAC address. The device being used is hEX refresh (E50UG), which has weak performance, and I hope to retain hardware acceleration features.
If you're forced to use SLAAC (e.g. because you have Android devices), then you can't prohibit any device from receiving the RA multicast packet and making use of the contained information. Unless you (manually) configure that particular device not to use IPv6.
Depending on the use case, you could create a dedicated VLAN for that (or such) device(s) and configure the router NOT to support IPv6 in that subnet. Having a device in a separate L2 domain comes with certain constraints, though.
Another possibility is to block IPv6 traffic using the src MAC address as the matching criterion. This will cause delays in browsing, but only for that/those device(s). The gotcha here is the "use of anonymized MAC address", which is the default nowadays on Android devices and which makes configurations based on MAC addresses a moving target.
If you want to go a step further and stop the device from obtaining an IPv6 address through auto-configuration (SLAAC or DHCPv6), you could disable Neighbor Discovery on the interface:
/ipv6 nd
set [find interface=bridge-local] disabled=yes
Be careful: this affects all devices on that interface, not just one.
RouterOS doesn’t currently support per-MAC ND blocking, so the firewall rule above is the best per-device solution.
This, as @mkx already wrote above, will not prevent the device from receiving RA multicast messages. The multicast messages don't have the device's MAC address as the destination! As a result, the device will still automatically configure an IPv6 address for itself with the correct prefix, it also gets the correct gateway information, and will try to establish IPv6 connections to the outside (due to preference over IPv4). The firewall will block those connections, but it will cause all the delays that the OP wanted to avoid in the first place (as stated in the original post).
And disabling ND on the interface also disables it for the other devices on that interface, which is what OP does not want. And to disable ND on that interface, the default entry that normally uses all as interface needs to be disabled / removed first (and individual ND entries need to be created for the other individual interfaces).
The real solutions that won't cause delay are, as @mkx already wrote, to disable IPv6 on each affected device, or put them in a separate VLAN with no advertised prefixes.
Or if the devices are known to only use certain ports of the switches/routers, a switch rule or bridge filter can be added to filter IPv6 multicast packets on those ports.
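Added example, not part of any post in this thread and not RouterOS configuration: a small Python parser showing why a rule keyed on a client's MAC as destination never sees a Router Advertisement, and which header fields a per-port filter would have to match instead. The router MAC, client MAC and fe80::1 address are constructed sample values; the frame is untagged and has no IPv6 extension headers.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD
NEXT_HEADER_ICMPV6 = 58
ICMPV6_ROUTER_ADVERT = 134

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def multicast_mac(ipv6_group):
    """RFC 2464 mapping: 33:33 plus the low 32 bits of the IPv6 multicast group."""
    return b"\x33\x33" + ipaddress.IPv6Address(ipv6_group).packed[-4:]

def build_ra_frame(router_mac, router_ll):
    """Constructed sample: minimal RA (no options, checksum left at 0) to ff02::1."""
    # type, code, checksum, hop limit, flags, router lifetime, reachable, retrans
    icmp = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(icmp), NEXT_HEADER_ICMPV6, 255)
    ip6 += ipaddress.IPv6Address(router_ll).packed
    ip6 += ipaddress.IPv6Address("ff02::1").packed
    eth = multicast_mac("ff02::1") + router_mac + struct.pack("!H", ETHERTYPE_IPV6)
    return eth + ip6 + icmp

def classify(frame):
    """Return (destination MAC, is_router_advertisement) for an Ethernet frame."""
    if len(frame) < 14 + 40 + 1:
        return mac_str(frame[:6]), False
    ethertype = struct.unpack("!H", frame[12:14])[0]
    next_header = frame[14 + 6]    # IPv6 Next Header field
    icmp_type = frame[14 + 40]     # first byte after the fixed IPv6 header
    is_ra = (ethertype == ETHERTYPE_IPV6
             and next_header == NEXT_HEADER_ICMPV6
             and icmp_type == ICMPV6_ROUTER_ADVERT)
    return mac_str(frame[:6]), is_ra

def dst_mac_rule_matches(frame, client_mac):
    """Models a filter keyed on the client's own MAC as destination."""
    return frame[:6] == client_mac

if __name__ == "__main__":
    router = bytes.fromhex("020000000001")   # constructed router MAC
    client = bytes.fromhex("02aabbccddee")   # constructed client MAC
    ra = build_ra_frame(router, "fe80::1")
    print(classify(ra), dst_mac_rule_matches(ra, client))
```

The RA's destination is the all-nodes group MAC, so every host on the L2 segment receives it regardless of its own address; only filtering on the egress port (or separating the segment) keeps it away from one device.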