Correct Guest DHCPv6 destination port: 546 or 547?

hi there!

Default OOTB OpenWrt firewall rule configuration contains a rule named "Allow-DHCPv6" with a destination port: 546:

But in this post, user @trendy has shared his own Guest ipv6 firewall rules where the Destination port for Guest DHCPv6 is 547, and port 546 is specified as a Source port.

config rule
        option name 'Allow-GUESTWIFI-DHCPv6'
        option family 'ipv6'
        list proto 'udp'
        option src 'guest'
        option src_port '546'
        option dest_port '547'
        option target 'ACCEPT'

Please clarify, what is the correct Destination port (as well as Source port) in the firewall config to allow DHCPv6 for the Guest?

According to RFC 8415

Clients listen for DHCP messages on UDP port 546. Servers and relay agents listen for DHCP messages on UDP port 547.

No any Servers in my Guest network (actually, there are no servers at all for all my networks), also I'm getting ipv6 to Guest network via prefix delegation method (no ipv6 relay).
Does it mean that I should use destination port 546 for Guest DHCPv6 (similar to the default OpenWrt firewall config)?

These are different cases.
DHCP6s is 547 which you want to allow on the input of the guest interface.
The rule for 546 on wan covers a specific need.

1 Like

thanks for the confirmation!
Then the default firewall rule for DHCPv6 from WAN should remain unchanged with destination port 546:

But new firewall rule for DHCPv6 from the Guest network should use destination port 547 and source port 546:

Thank you.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.