My ISP has recently implemented SLAAC support, so now DHCPv6 and SLAAC are available. I have set request ipv6-address on the wan6 interface to disabled to avoid getting two IPs assigned. I don't care if it's DHCP or SLAAC assigned personally, but I can't work out how to stop an address being allocated via SLAAC; setting sysctl options doesn't seem to make any difference.
The problem, though, is that with a SLAAC-assigned address OpenWrt seems to be reloading the firewall every 10 minutes: 'Reloading firewall due to ifupdate of wan6 (wan)'. At a guess, hotplug is triggering this, as the message in 20-firewall matches.
Any suggestions as to why it's doing this and how to stop it? The SLAAC-assigned address is not actually changing.
A bit of tinkering later and it's definitely being actioned by that hotplug script. The best I can come up with is that procd is either not checking the address at all or is getting upset at wan6 having both a link and global address, i.e. say it only stores the last IPv6 listed and that happens to be the link address but compares all addresses, sees the global is not the same as the stored link and triggers the hotplug actions.
I don't particularly, but that is not the issue ultimately. The issue is the constant reloading of the firewall, which appears to be triggered by having a SLAAC-assigned address. If I could work out how to inhibit SLAAC assignment that would do the trick, but it would really only be masking the problem, not fixing the underlying cause.
But why would a SLAAC address renew/change often enough to make this an issue? What does ifconfig show for the scope of the SLAAC address (so might it be using IPv6 privacy extensions)?
A long time ago I removed the portion of the hotplug script that checks for -a -z "$IFUPDATE_DATA" to eliminate reloads if the lease time changed or the DHCP server IP changed. This was for IPv4, but maybe it will also help for IPv6.
Or add the 2 IFUPDATE variables to the logger line in the script to see what it sees.
ISP has been making changes; OpenWrt seems happy with things and is no longer reloading the firewall. Could be they had some times set incorrectly, not sure, but it's working so all good.
SLAAC does not assign an address.
SLAAC enables a node to choose an address all by itself.
If we ignore privacy bla bla extensions, then an address which is chosen because SLAAC is used never changes, because it's calculated from the MAC address of the interface attached to a link. And in an ideal world where a prefix on a link does not change.
What you might have experienced is a flapping of the interface on the ISP site. Or the ISP announced that the previous prefix is no longer valid, so your router removed the prefix and the address within that prefix. That's why the firewall triggered a reload.
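An added example, not part of the thread: the MAC-derived address the last post refers to is the modified EUI-64 interface identifier (RFC 4291) appended to the advertised /64 prefix. The function name slaac_eui64, the MAC and the documentation prefixes below are constructed for illustration; the output is the uncompressed form of the address.

```shell
#!/bin/sh
# Added example. Derive the SLAAC address a host forms from a /64 prefix and
# its MAC using modified EUI-64 (RFC 4291), ignoring privacy extensions.
# $1 = first four groups of the advertised /64 prefix (e.g. 2001:db8:1:2)
# $2 = interface MAC address, colon separated
slaac_eui64() {
    prefix64=$1
    mac=$2
    old_ifs=$IFS
    IFS=:
    set -- $mac            # split the MAC into six hex bytes
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1

    # Flip the universal/local bit (0x02) of the first byte.
    b0=$(( 0x$1 ^ 0x02 ))

    # Insert ff:fe between the OUI half and the NIC half of the MAC,
    # then print the four 16-bit groups of the interface identifier.
    printf '%s:%x:%x:%x:%x\n' "$prefix64" \
        $(( (b0 << 8) | 0x$2 )) \
        $(( (0x$3 << 8) | 0xff )) \
        $(( 0xfe00 | 0x$4 )) \
        $(( (0x$5 << 8) | 0x$6 ))
}

# Constructed sample values: one MAC, two different advertised prefixes.
MAC=00:11:22:33:44:55
echo "prefix A: $(slaac_eui64 2001:db8:1:2 "$MAC")"
echo "prefix A: $(slaac_eui64 2001:db8:1:2 "$MAC")   (same inputs, same address)"
echo "prefix B: $(slaac_eui64 2001:db8:9:9 "$MAC")   (new prefix, new address)"
```

With a fixed MAC the result changes only when the advertised prefix changes, so comparing the global address on wan6 before and after a reload shows whether the prefix was withdrawn and re-announced.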