I did a factory reset on my mAP-lite recently and noticed that there are now lots of “defconf” IPv6 rules. This is a good thing. I see it allows UDP port 546 which allows the dhcp client to work, this is great.
However, I found this rule:
;;; defconf: drop everything else not coming from LAN
chain=input action=drop in-interface-list=!LAN
LAN apparently refers to an interface list, but I wasn’t aware that this even existed until today. Not all of my LAN interfaces were in this list.
So I changed “in-interface-list=!LAN” to “in-interface=ether1”, ether1 is the WAN interface. I did this on 2 rules referring to !LAN. This fixed some stuff for me.
Should I add my LAN interfaces to the list and use the default rule? I don’t know if it makes a difference in this case.
Maybe you had a configured router and then later added the IPv6 package which created those default rules?
In “normal” cases the new firewall rules of course are complete and consistent, as the new default configuration
also includes those LAN and WAN interface lists and puts the proper interfaces into each of the lists.
You could reset the entire router to defaults and it should be OK again.
Maybe the default ruleset for IPv6 should check if those interface lists are present, and create them, or use
the previous firewall ruleset when they are not present.
I always enable the ipv6 package as soon as I get a device. What I think happened was one of my recent upgrades noticed the package was enabled and added this long list of default IPv6 rules. I didn’t have any rules already defined on this device.
Going forward I will ensure that all of my “LAN” interfaces are in the interface list. I had some VLAN interfaces that were not in the list so they were not affected by these !LAN rules, and stuff didn’t work.
To show what the config would look like when you would reset to default on the currently installed version.
Then you can pick parts from that to fix your running configuration when you don’t want to reset it.
(in fact the output is a script that does some checks and actions, but it is clear what the result will be)