OPNsense Forum

English Forums => Development and Code Review => Topic started by: drosophila on April 08, 2026, 04:45:00 PM

Title: shouldn't fc00::/8 also be blocked from WAN?
Post by: drosophila on April 08, 2026, 04:45:00 PM
If I enable "Block private networks from WAN", the rule gets generated with the following contents: "fd00::/8, fe80::/10, ::/128". Shouldn't that be either "fd00::/7" or have an additional "fc00::/8" in it? They're both private with the only difference being that fc:: is supposedly assigned by the IANA. AFAIK, this process never materialized but still...?
Plus, even though deprecated, wouldn't the site-locals (fec::/10) also be considered "private"?

Also, the description of the checkbox in the interface config only mentions RFC1918, there is no mention of IPv6 at all so which ranges will get blocked won't be known unless you look at the rules.

Am I missing something again?
Title: Re: shouldn't fc00::/8 also be blocked from WAN?
Post by: meyergru on April 08, 2026, 05:31:46 PM
You will find the answers here: https://en.wikipedia.org/wiki/Unique_local_address

Site-local addresses (fec::/10) have been deprecated and are in the global allocation block, so potentially could be routeable at any point.

fc00::/8 is proposed to be managed, but is not at this time. So, only fd00::/8 is truly locally administered and thus "private" in some sense.

Not that it matters much if you do not have explicit allow rules and also use such ranges, which would go against specifications, anyway.
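To make the difference between the two posts concrete (the generated "fd00::/8, fe80::/10, ::/128" list quoted in the question versus the fd00::/8-only reasoning in the reply), here is a small checker added to this thread; it is not OPNsense code and only takes the prefix list as the original post reports it. The address table and sample addresses are constructed for the example, and fec0::/10 is the canonical spelling of the deprecated site-local block written as fec::/10 above. It classifies an IPv6 address against the blocks discussed here and shows which addresses the reported rule would drop compared with a variant that uses the whole fc00::/7 ULA block.

```python
import ipaddress

# Prefix list the original post reports for "Block private networks from WAN".
GENERATED_RULE = ["fd00::/8", "fe80::/10", "::/128"]

# Alternative raised in the question: cover the whole RFC 4193 ULA block (fc00::/7).
ULA_WHOLE = "fc00::/7"
VARIANT_RULE = [ULA_WHOLE, "fe80::/10", "::/128"]

# Address blocks discussed in the thread and the role each plays (constructed table;
# fec0::/10 is the canonical form of the deprecated site-local prefix written fec::/10 above).
BLOCKS = {
    "fc00::/8": "ULA, centrally assigned half (registry never materialised)",
    "fd00::/8": "ULA, locally assigned half (random 40-bit global ID)",
    "fe80::/10": "link-local",
    "fec0::/10": "site-local, deprecated by RFC 3879",
    "::/128": "unspecified address",
}


def classify(addr):
    """Return (prefix, role) for the first block in BLOCKS containing addr,
    or (None, 'global') if it falls in none of them."""
    ip = ipaddress.IPv6Address(addr)
    for prefix, role in BLOCKS.items():
        if ip in ipaddress.IPv6Network(prefix):
            return prefix, role
    return None, "global"


def matches_rule(addr, prefixes):
    """True if addr is inside any prefix of the list, i.e. a block rule built
    from that list would drop a packet sourced from it."""
    ip = ipaddress.IPv6Address(addr)
    return any(ip in ipaddress.IPv6Network(p) for p in prefixes)


def compare(addrs):
    """For each address, report its block and whether the reported rule and the
    fc00::/7 variant would catch it."""
    return {
        a: {
            "block": classify(a)[0],
            "generated_rule": matches_rule(a, GENERATED_RULE),
            "fc00_7_variant": matches_rule(a, VARIANT_RULE),
        }
        for a in addrs
    }


# Constructed sample sources, one per block plus a documentation-range global address.
SAMPLES = ["fd12:3456:789a::1", "fc00::1", "fe80::1", "fec0::1", "::", "2001:db8::1"]

if __name__ == "__main__":
    for addr, result in compare(SAMPLES).items():
        print(f"{addr:>20}  block={result['block']!s:<10} "
              f"generated={result['generated_rule']!s:<5} "
              f"fc00::/7 variant={result['fc00_7_variant']}")
```

Running it shows the point both posters make: an fc00::/8 source slips past the reported list but not past a fc00::/7 entry, while a deprecated site-local (fec0::/10) source is caught by neither, which is consistent with the reply's remark that those addresses sit inside the global allocation and would need an explicit entry if you wanted them dropped.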