Before I get to the IPv6 firewall issue, I would like to give feedback on the Archer A6: the Internet LED refuses to change from orange/red to green after enabling IPv6, and the router's IPv6 firewall doesn't work. Steps to reproduce, beginning by logging into the router:
1) Advanced, Network, Internet, IPv4, Internet Connection Type: PPPoE. Next, expand 'Advanced' and enter custom Primary and Secondary DNS (in my case, I selected Cloudflare DNS 18.104.22.168 and 22.214.171.124), Save.
2) Advanced, Network, IPTV/VLAN, Settings, check "Enable IPTV/VLAN", select Mode: Malaysia-Unifi (my ISP).
3) Advanced, Security, Settings, ensure SPI Firewall is enabled. Both 'Ignore Ping Packet From WAN Port' and 'Forbid Ping Packet From LAN Port' are checked.
4) Advanced, UPnP: disable UPnP.
5) Advanced, IPv6, enable IPv6, select PPPoE, check 'Use the same session with IPv4 connection'. Expand 'Advanced', select SLAAC at 'Get IPv6 Address', enable 'Prefix Delegation', use custom IPv6 DNS 2606:4700:4700::1111 and 2606:4700:4700::1001. Finally, Save.
6) Reboot the router.
Now then, the problems. As I wrote before, the Internet LED refuses to change from orange/red to green after enabling IPv6 (I verified that IPv6 Internet connectivity is successfully established). In addition, with IPv6 enabled, the 'Check for upgrade' section at System Tools, Firmware Upgrade will always return 'No Internet Connection'. Please fix these issues.
Note: I had upgraded the Archer A6 v2.0 firmware to 1.1.2 Build 20190403 rel.65811(5553), whose changelog mentions something about "Improve the security of device", but that doesn't fix the IPv6 firewall at all.
Moving on to the IPv6 firewall:
Instead of the A6 router's IPv6 firewall filtering out the uninitiated inbound connections, my software firewall (Comodo Firewall) is hit with port scans by random devices. I ran a port scan test using https://ipv6.chappell-family.com/ipv6tcptest/ and my Comodo Firewall is receiving and blocking all those port scan attempts. You can see the Comodo log in the picture below.
Comodo firewall is sure doing a good job here.
If I use my previous C1200, the Comodo Firewall will not even be hit by IPv6 port scans at all as the C1200 router will filter it off before reaching my devices.
Things are looking bad for my Android-based phones with the Archer A6:
If I use Archer C1200, the page will show all green STLTH on my android phones on IPv6 connection.
It gets worse. I ran another IPv6 port scan on the Archer A6 Global IPv6 Address (the router's IPv6 address) directly using http://www.ipv6scanner.com/cgi-bin/main.py and this is what I found out.
Seriously? Port 22 and 53 are open?
Compare the result above with the Archer C1200 below:
It is clear the Archer A6 IPv6 firewall doesn't function properly. I sent an email to TP-Link support on 4 April 2019, but there has been no further reply other than an automated message with "TPLINK SUPPORT #182050". The latest firmware published on 2019-04-17, Archer A6(US)_V2_190403 1.1.2 Build 20190403 rel.65811(5553), doesn't fix the IPv6 firewall or the Internet LED status.
Any idea what I should do next?
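
For reference, the behaviour the post expects from a router's IPv6 firewall (unsolicited inbound connections never reach LAN hosts, and ports 22 and 53 on the router itself are not reachable from the WAN) can be written as an nftables ruleset. This is an added example, not part of the original post and not TP-Link's firmware configuration; the interface names `ppp0` (WAN) and `br-lan` (LAN) are assumptions.

```nft
#!/usr/sbin/nft -f
# Added illustration of a stateful IPv6 router firewall.
# Assumed interface names: ppp0 = WAN (PPPoE), br-lan = LAN bridge.

table ip6 router_fw {
    # Traffic addressed to the router itself (its global IPv6 address).
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # ICMPv6 that IPv6 cannot work without: errors, PMTUD, neighbour discovery.
        # echo-request is deliberately absent here, so WAN pings are ignored.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded,
                      parameter-problem, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert } accept

        # DHCPv6 replies from the ISP (needed for prefix delegation).
        iifname "ppp0" udp sport 547 udp dport 546 accept

        # Router services are offered to the LAN side only,
        # so SSH (22) and DNS (53) stay closed when probed from the WAN.
        iifname "br-lan" tcp dport 22 accept
        iifname "br-lan" tcp dport 53 accept
        iifname "br-lan" udp dport 53 accept
        iifname "br-lan" icmpv6 type { echo-request, nd-router-solicit } accept
    }

    # Traffic routed between WAN and LAN hosts with global addresses.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that LAN hosts opened themselves.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections outward.
        iifname "br-lan" oifname "ppp0" accept

        # ICMPv6 errors must still reach LAN hosts (path MTU discovery).
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # Everything else arriving on ppp0 for a LAN host hits policy drop.
    }
}
```

With a forward chain like this, an external IPv6 port test against a LAN host gets no response on any port, and the host's own software firewall never sees the probes.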