<filter name='allow-dhcpv6-server' chain='ipv6'>

    <!-- accept outgoing DHCP requests.
         note, this rule must be evaluated before general MAC broadcast
         traffic is discarded since DHCP requests use MAC broadcast.
         according to https://tools.ietf.org/html/rfc3315#section-14,
         client sends messages to FF02::1:2 from link-local addresses -->
    <rule action='accept' direction='out' priority='100'>
        <ipv6 protocol='udp'
              srcipaddr='FE80::'
              srcipmask='10'
              dstipaddr='FF02::1:2'
              srcportstart='546'
              dstportstart='547'/>
    </rule>

    <!-- accept incoming DHCP responses from a specific DHCP server
         parameter DHPCSERVER needs to be passed from where this filter is
         referenced -->
    <rule action='accept' direction='in' priority='100' >
        <ipv6 srcipaddr='$DHCPSERVER'
              protocol='udp'
              srcportstart='547'
              dstportstart='546'/>
    </rule>

</filter>
