At various points in your network, you may need selections of these:
## allow icmp6 for getting address using IPv6 autoconfiguration from router pass inet6 proto ipv6-icmp all icmp6-type routeradv pass inet6 proto ipv6-icmp all icmp6-type routersol ## allow icmp6 for getting neighbor addresses pass inet6 proto ipv6-icmp all icmp6-type neighbradv pass inet6 proto ipv6-icmp all icmp6-type neighbrsol ## allow icmp6 echo, not required, but sometimes nice pass in inet6 proto ipv6-icmp all icmp6-type echoreq ## pass icmp-types: unreachable, time exceeded, parameter problem pass in inet6 proto ipv6-icmp all icmp6-type {1 3 4}
Thanks to Henrik Kramshøj for input