IPv6 communication do not occur while interface is in firewalld drop zone

IPv6 requires ICMPv6 neighbour solicitation and neighbour advertisement packets to create IPv6 connectivity. These packets are used to resolve IPv6 addresses to link-layer (ethernet).

• Add new icmptypes for neighbour solicitation and neighbour advertisement

firewall-cmd --permanent --new-icmptype=neighbour-solicitation

firewall-cmd --permanent --new-icmptype=neighbour-advertisement

• Remove destination IPv4

firewall-cmd --permanent --icmptype=neighbour-solicitation --remove-destination=ipv4

firewall-cmd --permanent --icmptype=neighbour-advertisement --remove-destination=ipv4

• Attach icmptypes to the –zone=drop list of –add-icmp-block

firewall-cmd --permanent --zone=drop --add-icmp-block=neighbour-solicitation

firewall-cmd --permanent --zone=drop --add-icmp-block=neighbour-advertisement

• Invert the icmptype block.

firewall-cmd --permanent --zone=drop --add-icmp-block-inversion

Confirm icmp-block-inversion from output of following command.

firewall-cmd --permanent --list-all --zone=drop