I configured an internal network with DNS, email, and web servers. All incoming connections via WAN IPv4 are correctly reaching the respective ports of the servers.

For WAN IPv6, I configured an Access Control, filled in as:

Policy: Allow
Service Type: ALL
IP Type: IPv6
Direction: [WAN1] IN, LAN->WAN
Source Type: IPv6 Group
Source: IPV6GROUP_ANY
Destination Type: IPv6 Group
Destination: Server (IPv6 group)
Effective Time: Any
States: New, Established, Related

This allows external sources to access local server ports, and it works as expected. On my servers, there are no firewall rules restricting specific IPv6 sources.

The problem is that some IPv6 sources can't access the ports on my servers. They can ping my IPv6 addresses, but when trying to access another port, such as 53 or 80, a timeout occurs. I've already consulted my ISP, and there's no filter that could be causing this blockage.

I couldn't find any other reason besides some bug in the router's firmware, which may not be correctly validating incoming IPv6 address connections.

Here an online test made on https://tcp6.ping.pe/

How it should work (tested with a server in a Vultr data center):

https://ibb.co/5XMNf2T4

How it's working on my network with the TP-Link ER605:

https://ibb.co/wNw8CR1s

As you can see, not all sources can reach the port 53 on my server. I'm using port 53 as an example, it happens with all the ports.