Bug #9167
Some Important ICMPv6 Traffic Not Allowed by Default Rules
Status: open
Description
According to:
https://tools.ietf.org/html/rfc4890#section-4.3.1
"4.3.1. Traffic That Must Not Be Dropped
Error messages that are essential to the establishment and
maintenance of communications:
o Destination Unreachable (Type 1) - All codes
o Packet Too Big (Type 2)
o Time Exceeded (Type 3) - Code 0 only
o Parameter Problem (Type 4) - Codes 1 and 2 only"
Yet, according to:
the Time Exceeded (Type 3) and Parameter Problem (Type 4) - Codes 1 and 2 do not appear to be specified by pfSense 2.4.4 in the default allow rules.
Possibly, there's a similar issue with the ICMPv6 Neighbor Discovery rules. According to that same document, Neighbor Discovery consists of 7 message types:
" o Router Solicitation (Type 133)
o Router Advertisement (Type 134)
o Neighbor Solicitation (Type 135)
o Neighbor Advertisement (Type 136)
o Redirect (Type 137)
o Inverse Neighbor Discovery Solicitation (Type 141)
o Inverse Neighbor Discovery Advertisement (Type 142)"
pfSense's default ICMPv6 rules specifically allow router and neighbor solicitation and advertisement, but don't mention the others (Redirect and the two Inverse Neighbor Discovery ones).
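
One way to check a ruleset against the two lists quoted in this report, as an added example that is not part of the original report and not pfSense code. The sample rules are constructed in pf.conf syntax, not copied from a pfSense install. The parser assumes numeric `icmp6-type` clauses on `pass` rules and ignores rule order, direction and addresses.

```python
import re

ANY = "any"  # marker for "all codes of this type"

# Error messages RFC 4890 section 4.3.1 says must not be dropped (as quoted above).
REQUIRED = {1: ANY, 2: ANY, 3: {0}, 4: {1, 2}}
# The seven Neighbor Discovery message types listed in the report.
ND_TYPES = [133, 134, 135, 136, 137, 141, 142]

# Constructed sample rules in pf.conf syntax (assumption, not real pfSense output).
SAMPLE_RULES = """\
pass quick inet6 proto ipv6-icmp from any to any icmp6-type { 1, 2, 135, 136 } keep state
pass quick inet6 proto ipv6-icmp from fe80::/10 to any icmp6-type { 133, 134 } keep state
block in inet6 proto ipv6-icmp from any to any icmp6-type 4 code 1
"""

CLAUSE = re.compile(r"icmp6-type\s+(\{[^}]*\}|\d+(?:\s+code\s+\d+)?)")
ENTRY = re.compile(r"(\d+)(?:\s+code\s+(\d+))?")


def allowed_types(rules):
    """Collect {type: ANY | set(codes)} from numeric icmp6-type clauses of pass rules."""
    allowed = {}
    for line in rules.splitlines():
        m = CLAUSE.search(line)
        if not line.startswith("pass") or not m:
            continue  # block rules and rules without an icmp6-type clause add nothing
        for typ, code in ENTRY.findall(m.group(1)):
            typ = int(typ)
            if code == "":
                allowed[typ] = ANY  # type given without a code matches every code
            elif allowed.get(typ) != ANY:
                allowed.setdefault(typ, set()).add(int(code))
    return allowed


def audit(allowed):
    """Return (missing codes per required error type, ND types with no pass rule)."""
    gaps = {}
    for typ, need in REQUIRED.items():
        have = allowed.get(typ, set())
        if have == ANY:
            continue
        missing = ANY if need == ANY else need - have
        if missing:
            gaps[typ] = missing
    return gaps, [t for t in ND_TYPES if t not in allowed]
```

On the constructed sample, `audit(allowed_types(SAMPLE_RULES))` reports Type 3 code 0 and Type 4 codes 1 and 2 as uncovered, and types 137, 141 and 142 as having no pass rule.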