Don't you have problems with clients using the wrong source address and not matching firewall rules?

Different person here, but no. I never write firewall rules based on individual source addresses. They’re too easy to fake. And with IPv6’s privacy extensions, you never know what source address a given machine will have anyway.

▲

gspr 21 hours ago | parent [-]

Interesting. How do you deal with destination addresses on your local network? DHCPv6 like the other poster and myself?

	▲	kstrauser 15 hours ago \| parent [-]
		I haven’t had a need for DHCPv6. I’d use DNS (or better, mDNS) to assign a hostname to the destination’s fixed IPv6 address or ULA, both of which are static. I don’t ever manually assign an IPv6 address to a host, though. I just let SLAAC do the thing it was designed for.

▲

gspr a day ago | parent | prev [-]

No. Admittedly, my firewall rules are all about granting something extra beyond the basics. I only do this for clients I care about anyway, so I can always tell them to use the right address.