- add firewall traffic rule
- select protocol as you wish.typically TCP
- source zone select wan6 or wan
- source address empty since we want to allow from anywhere on the internet
- destination zone is lan
- destination address
::aaaa:bbbb:cccc:dddd/::ffff:fffff:ffff:ffff.here is the trick.the ISP usually give our an dynamic IPv6 prefix.but the suffix of our machine can be static.so we tell firewall filter by suffix. - action select accept.then we done.
but Openwrt will hijack all packet.so the incoming packet is straight into machine,but the reply packet are hijecking by openwrt.so there is no response to that incomming packet.
we need to add a firewall rules to solve this ip6tables -t mangle -I PREROUTING -s ::aaaa:bbbb:cccc:dddd/::ffff:ffff:ffff:ffff -j ACCEPT
but that is not ideal.I can not see proxy traffic through openclash dashboard for debug. so I add another virtual interface to my machine,then I can using the first interface for normal internet surfing.and bypass the second interface in openclash by mac address for serving incomming request.