How to config my ipv6 firewall

My IPv6 address uses EUI-64 fixed suffix, how do I allow the fixed suffix IP address in the firewall?

You use a negative netmask, you can also set a static IPv6 lease so that you do not have to work with the SLAAC address, but doing something like list dest_ip '::EUI-64 fixed/-64' also works

Negative netmask: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_ipv6_examples#dynamic_prefix_forwarding

My own IPv6 "forwarding" to my VPN router:

config rule
	option name 'wg-server6-6'
	list proto 'udp'
	option src 'wan'
	option dest 'lan'
	option dest_port '51810'
	option target 'ACCEPT'
	option family 'ipv6'
	list dest_ip '::6/-64'

The used static lease:

config host
	option dns '1'
	option name 'EA8500'
	option mac 'C0:56:27:XX:XX:XX'
	option ip '192.168.0.6'
	option leasetime '6h'
	option duid '00030001c052345455f'
	option hostid '06'

Note IPV6 "forwarding" is just opening up the firewall for the port and destination address