OPNsense Forum

English Forums => General Discussion => Topic started by: andreaslink on March 10, 2020, 07:45:42 PM

Title: [solved] Allow mDNS Broadcasts for IPv4 and IPv6 does not work
Post by: andreaslink on March 10, 2020, 07:45:42 PM
Hej firewall experts, I am going nuts, as I have the same thing twice: once in IPv4, working, and once in IPv6, not working. This is all about allowing mDNS broadcasts to the common broadcast addresses (224.0.0.251 and [ff02::fb]) on port 5353 via UDP from LAN.

I have set up two aliases including the hosts as described above and as can be seen in the screenshots. First I had both addresses in one alias, but now I split it up for dedicated IPv4 and IPv6 targets and created two rules by also copying them. Both are on the LAN interface. IPv4 always worked right from the beginning, but the copied IPv6 one is not considered and then finally blocked.

What is wrong here or what is different for IPv6? I do not get or see it.

I'm running the newest release (OPNsense 20.1.2-amd64, FreeBSD 11.2-RELEASE-p17-HBSD, OpenSSL 1.1.1d 10 Sep 2019).
Looking for some good ideas/feedback or what I'm overlooking. Please ask if you need more details.
Thanks in advance.

Title: Re: Allow mDNS Broadcasts for IPv4 and IPv6 does not work
Post by: andreaslink on March 10, 2020, 08:10:50 PM
Hah, I finally solved it by myself after hours of thought ;). The solution is to remove the Source "LAN net" and replace it with "any", as my usual local LAN is mainly IPv4 based and therefore also only defined as an IPv4 net.

I was so blind, because I always add the source net to the interface, just to be sure not to overlook anything and allow something to someone who does not belong on the corresponding interface. But for IPv6 I need to think differently.

Posted the answer here as someone else might benefit from it or at least from these thoughts as well. ;D
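
The mismatch described in the thread above, as an added example that is not part of the original posts and is not OPNsense code: a simplified first-match rule evaluator showing why a source of "LAN net" that only contains an IPv4 network can never match an IPv6 mDNS packet. The 192.168.1.0/24 network, the host addresses and all names in the code are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    source: str        # CIDR network or "any"
    destination: str   # single mDNS group address
    port: int = 5353
    proto: str = "udp"

@dataclass
class Packet:
    src: str
    dst: str
    port: int = 5353
    proto: str = "udp"

def matches(rule, pkt):
    """True if the packet satisfies every field of the pass rule."""
    if (pkt.proto, pkt.port) != (rule.proto, rule.port):
        return False
    if ipaddress.ip_address(pkt.dst) != ipaddress.ip_address(rule.destination):
        return False
    if rule.source == "any":
        return True
    src = ipaddress.ip_address(pkt.src)
    net = ipaddress.ip_network(rule.source)
    # An IPv6 source address can never lie inside an IPv4-only network.
    return src.version == net.version and src in net

def evaluate(rules, pkt):
    """First matching pass rule wins; anything unmatched is blocked."""
    for rule in rules:
        if matches(rule, pkt):
            return f"pass ({rule.name})"
    return "block (default deny)"

LAN_NET = "192.168.1.0/24"  # constructed: "LAN net" defined as IPv4 only
ORIGINAL = [Rule("mDNS v4", LAN_NET, "224.0.0.251"),
            Rule("mDNS v6", LAN_NET, "ff02::fb")]   # copied rule, same source
FIXED = [Rule("mDNS v4", LAN_NET, "224.0.0.251"),
         Rule("mDNS v6", "any", "ff02::fb")]        # source changed to "any"
V4_PKT = Packet("192.168.1.20", "224.0.0.251")      # constructed sample
V6_PKT = Packet("fe80::1c2d:3eff:fe4f:5a6b", "ff02::fb")  # constructed sample

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for pkt in (V4_PKT, V6_PKT):
            print(f"{label:8} {pkt.src:28} -> {evaluate(rules, pkt)}")
```

With the source set to "any", the IPv6 rule is still constrained by interface, protocol, destination address and port.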