The origin of the link-local allow rule for DHCPv6 traffic is a bit weird and the rule itself is probably dysfunctional, see https://github.com/pfsense/pfsense/commit/dbcddabcdf7e -- It has never been edited again and remains the same in OPNsense and pfSense today. Typically server client traffic exchanges exclusively over port 546 and 547 so the original one may have been a typo.
Now as witnessed by #7527 the server port could be random, but should always come from link-local so we can merge both rules into one without causing much problems. Works fine locally on my network too.
The origin of the link-local allow rule for DHCPv6 traffic is a bit weird and the rule itself is probably dysfunctional, see https://github.com/pfsense/pfsense/commit/dbcddabcdf7e -- It has never been edited again and remains the same in OPNsense and pfSense today. Typically server client traffic exchanges exclusively over port 546 and 547 so the original one may have been a typo.
Now as witnessed by #7527 the server port could be random, but should always come from link-local so we can merge both rules into one without causing much problems. Works fine locally on my network too.