There appears to be a ton of ICMPv6 neighbor solicitation packets on an upstream network, and I can't seem to be able to block them with my firewall. I don't fully control the devices on the upstream network so I can't disconnect them one by one and figure out which one is the culprit, so I thought I would try to block them locally on my own router instead as a temporary solution.
I'm using DHCPv6 in relay mode, and I have confirmed that those neighbor discovery packets are coming from the upstream network by sniffing packets on the network connection that my router's WAN interface is attached to. Below are screenshots for the firewall rule I tried to add. I have placed this rule at the very top and tried tinkering with the source zone, destination zone, source MAC, and no matter what I try those packets just keep coming. At this point I'm out of ideas and would appreciate some help on how to make this firewall rule work.
Additionally, it would also be acceptable if I can tell dnsmasq to stop forwarding those neighbor solicitation requests, but I have not found a way to do so in dnsmasq's docs either.
