Correct Guest DHCPv6 destination port: 546 or 547?

abteks · September 25, 2022, 8:31am

hi there!

Default OOTB OpenWrt firewall rule configuration contains a rule named "Allow-DHCPv6" with a destination port: 546:

But in this post, user @trendy has shared his own Guest ipv6 firewall rules where the Destination port for Guest DHCPv6 is 547, and port 546 is specified as a Source port.

config rule
        option name 'Allow-GUESTWIFI-DHCPv6'
        option family 'ipv6'
        list proto 'udp'
        option src 'guest'
        option src_port '546'
        option dest_port '547'
        option target 'ACCEPT'

Please clarify, what is the correct Destination port (as well as Source port) in the firewall config to allow DHCPv6 for the Guest?
Thanks.

badulesia · September 25, 2022, 8:39am

According to RFC 8415
https://www.rfc-editor.org/rfc/rfc8415.html

Clients listen for DHCP messages on UDP port 546. Servers and relay agents listen for DHCP messages on UDP port 547.

abteks · September 25, 2022, 8:59am

No any Servers in my Guest network (actually, there are no servers at all for all my networks), also I'm getting ipv6 to Guest network via prefix delegation method (no ipv6 relay).
Does it mean that I should use destination port 546 for Guest DHCPv6 (similar to the default OpenWrt firewall config)?

trendy · September 25, 2022, 10:39am

These are different cases.
DHCP6s is 547 which you want to allow on the input of the guest interface.
The rule for 546 on wan covers a specific need.

abteks · September 25, 2022, 11:21am

thanks for the confirmation!
Then the default firewall rule for DHCPv6 from WAN should remain unchanged with destination port 546:

But new firewall rule for DHCPv6 from the Guest network should use destination port 547 and source port 546:

Thank you.

system · October 5, 2022, 11:21am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.