> If I want to run a service though, then I just add a rule to allow traffic on that port to my computer's stable address.
Problem: in most consumer firewalls, and even in OpenWrt, there are simply no words to express this. I don't know what my IPv6 prefix would be next time my modem reconnects; therefore, I don't know which IPv6 address my computer would then get. However, firewall configuration tools are built under the assumption that static IPs are the only existing ones. I just cannot write "the delegated prefix from the WAN plus :d63d:7eff:fed9:0a39".
I agree that is an obvious missing functionality. It's never affected me because anywhere I've lived I've always ended up with stable prefixes/addresses (both IPv4 and IPv6) for years, but it's obviously something consumer firewalls need. Fortunately that's a much easier problem to fix (replace or update the one device) than trying to get everyone to use IPv6 in the first place.
Can you share a screenshot of the relevant firewall rule that allows access to one port on one IPv6 address behind the router and doesn't break when the ISP assigns a different delegated prefix?
Better late than never. Thanks! And indeed, this looks like a well-thought-out (with an explicit field for the IPv6 interface ID, as opposed to the full address) approach to IPv6 forwarding and firewalling.
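The rule the thread asks for, "the delegated prefix plus a fixed interface ID", sketched in Python as an added example (not written by any commenter and not any firewall's own code). It matches a destination on its low 64 bits only and rebuilds the host's full address whenever the prefix changes; the `2001:db8` documentation prefixes, the /56 delegation size and the subnet index are constructed assumptions.

```python
import ipaddress

# Low 64 bits of an address: the interface ID on a /64 LAN.
IID_MASK = (1 << 64) - 1


def parse_iid(text):
    """Parse an interface ID such as ':d63d:7eff:fed9:0a39' into an integer."""
    groups = [g for g in text.split(":") if g]
    if len(groups) != 4 or any(len(g) > 4 for g in groups):
        raise ValueError("interface ID must be four 16-bit hex groups")
    value = 0
    for group in groups:
        value = (value << 16) | int(group, 16)
    return value


def matches_iid(dst, iid, mask=IID_MASK):
    """True if dst carries this interface ID, whatever its prefix is."""
    return int(ipaddress.IPv6Address(dst)) & mask == iid & mask


def full_address(delegated_prefix, subnet_id, iid):
    """Combine the current delegated prefix, a LAN subnet index and the
    interface ID into the host's current global address."""
    net = ipaddress.IPv6Network(delegated_prefix)
    if net.prefixlen > 64:
        raise ValueError("delegated prefix must be /64 or shorter")
    if not 0 <= subnet_id < (1 << (64 - net.prefixlen)):
        raise ValueError("subnet index does not fit in the delegation")
    base = int(net.network_address)
    return ipaddress.IPv6Address(base | (subnet_id << 64) | (iid & IID_MASK))


if __name__ == "__main__":
    iid = parse_iid(":d63d:7eff:fed9:0a39")
    # Constructed delegations: before and after a modem reconnect.
    for prefix in ("2001:db8:aa00::/56", "2001:db8:bb00::/56"):
        addr = full_address(prefix, 1, iid)
        print(prefix, "->", addr, "rule matches:", matches_iid(str(addr), iid))
```

A rule written this way keeps pointing at the same host after a prefix change, while still rejecting any other interface ID on the same LAN.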