The firewall policy is a combination of the default policy for each of 'incoming', 'outgoing' and 'routed' (forward) along with the policies shipped in before{,6}.rules, after{,6}.rules and whatever gets added to user{,6}.rules. Specifically, what is in before{,6}.rules is designed with default deny for incoming (and forward), default allow for outgoing and default accept for established connections. Considering that dhcpv6 uses port 546/udp for the client and port 547/udp for the server, the shipped default policy allows:
* outgoing from this host port 546/udp to any port 547/udp (via default allow outgoing; eg, for dhcp request)
* incoming for established connection (via before6.rules RELATED,ESTABLISHED; eg, dhcp reply from the server we connected to on port 547/udp)
* incoming from fe80::/10 port 547/udp (via the before6.rules you mentioned; eg, for a server responding to the broadcast)
I suspect that you've updated your default policy to deny to perform egress filtering so you need to add a corresponding 'ufw allow out to ff02::1:2 port 547 proto udp comment "dhcpv6 solicit"' rule or similar.
Thank you for filing a bug.
The firewall policy is a combination of the default policy for each of 'incoming', 'outgoing' and 'routed' (forward) along with the policies shipped in before{,6}.rules, after{,6}.rules and whatever gets added to user{,6}.rules. Specifically, what is in before{,6}.rules is designed with default deny for incoming (and forward), default allow for outgoing and default accept for established connections. Considering that dhcpv6 uses port 546/udp for the client and port 547/udp for the server, the shipped default policy allows:
* outgoing from this host port 546/udp to any port 547/udp (via default allow outgoing; eg, for dhcp request) ESTABLISHED; eg, dhcp reply from the server we connected to on port 547/udp)
* incoming for established connection (via before6.rules RELATED,
* incoming from fe80::/10 port 547/udp (via the before6.rules you mentioned; eg, for a server responding to the broadcast)
I suspect that you've updated your default policy to deny to perform egress filtering so you need to add a corresponding 'ufw allow out to ff02::1:2 port 547 proto udp comment "dhcpv6 solicit"' rule or similar.