Hi Daniel, thanks for your response.
You mention you used 'macvtap' but not which mode of macvtap ? None the less if you're using it in bridge mode, or passthroug hmode, there should be no filtering of guest traffic in general, since the guest traffic is forwarding at the ethernet layer, not IP layer.
The exception would be if you hve the br-netfilter extension loaded which causes guest traffic to be processed by the host firewall.
The macvtap-Device is started in bridge mode via a systemd-service-unit before the VM is started, see below. The kernel module br-netfilter for Packetfiltering is not loaded. But the PE-based IPv6 is still blocked furthermore. The MAC-based IPv6 works fine. BR, Tom # cat /etc/systemd/system/kvm-network-lan.service [Unit] Description=kvm-local-network.service Setup a macvtap-Bridge for Client-Integration in LAN After=network.target Wants=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStartPre=/usr/sbin/ip link add link enp2s0 macvtap0 address d0:50:99:0a:0a:0a type macvtap mode bridge ExecStartPre=/usr/sbin/ip link set macvtap0 up ExecStart=/usr/sbin/ip link show macvtap0 ExecStop=/usr/sbin/ip link set macvtap0 down ExecStopPost=/usr/sbin/ip link del macvtap0 [Install] WantedBy=multi-user.target # cat /etc/libvirt/qemu/vm1.xml | grep "<interface" -A 5 <interface type='direct'> <mac address='d0:50:99:0b:0b:0b'/> <source dev='macvtap0' mode='bridge'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </interface>