since my wl-500w is back up running again I tried to use ipv6 in r1000

ping6 works properly on the router
but all the computers inside my network can't browse the internet however they do receive an ipv6 adress from the router.
I think the range from the local ip's are not set properly yet

I have the basic firewall now:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all      anywhere             anywhere           rt type:0
ACCEPT     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere
ACCEPT     ipv6-icmp    anywhere             anywhere
ACCEPT     all      fe80::/10            anywhere
ACCEPT     all      ff00::/8             anywhere
ACCEPT     tcp      anywhere             anywhere           tcp dpt:ftp
DROP       all      anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all      anywhere             anywhere           rt type:0
ACCEPT     all      anywhere             anywhere
ACCEPT     ipv6-icmp    anywhere             anywhere
ACCEPT     all      fe80::/10            anywhere
ACCEPT     all      ff00::/8             anywhere
DROP       all      anywhere             anywhere
DROP       all      anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all      anywhere             anywhere           rt type:0

Chain SECURITY (0 references)
target     prot opt source               destination
RETURN     tcp      anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
RETURN     tcp      anywhere             anywhere           tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
RETURN     udp      anywhere             anywhere           limit: avg 5/sec burst 5
RETURN     icmp     anywhere             anywhere           limit: avg 5/sec burst 5
DROP       all      anywhere             anywhere

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all      anywhere             anywhere           LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT     all      anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
LOG        all      anywhere             anywhere           LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP       all      anywhere             anywhere
so I've used some tables from my old home made script
PHP Code:
# Get global, link and wan adresses
GLOBALSCOPE=`ifconfig sixtun | grep 'Scope:Global' | awk '{print $3}'`
LINKSCOPE=`ifconfig sixtun | grep 'Scope:Link' | awk '{print $3}'`
WANIF=`echo $GLOBALSCOPE | cut -f1 -d/`

#Allow local traffic
#includes loopback and local adresses
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables 
-A OUTPUT -o lo -j ACCEPT
#link-local
ip6tables -A INPUT -s $LINKSCOPE -j ACCEPT
ip6tables 
-A OUTPUT -s $LINKSCOPE -j ACCEPT 
and now I'm able to browse ipv6 sites on my clients

The changes in the list: (-- is added)
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all      anywhere             anywhere           rt type:0
ACCEPT     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere
ACCEPT     ipv6-icmp    anywhere             anywhere
ACCEPT     all      fe80::/10            anywhere
ACCEPT     all      ff00::/8             anywhere
ACCEPT     tcp      anywhere             anywhere           tcp dpt:ftp
DROP       all      anywhere             anywhere
--ACCEPT     all      anywhere             anywhere
--ACCEPT     all      fe80::/64            anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all      anywhere             anywhere           rt type:0
ACCEPT     all      anywhere             anywhere
ACCEPT     ipv6-icmp    anywhere             anywhere
ACCEPT     all      fe80::/10            anywhere
ACCEPT     all      ff00::/8             anywhere
DROP       all      anywhere             anywhere
DROP       all      anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all      anywhere             anywhere           rt type:0
--ACCEPT     all      anywhere             anywhere
--ACCEPT     all      fe80::/64            anywhere

Chain SECURITY (0 references)
target     prot opt source               destination
RETURN     tcp      anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
RETURN     tcp      anywhere             anywhere           tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
RETURN     udp      anywhere             anywhere           limit: avg 5/sec burst 5
RETURN     icmp     anywhere             anywhere           limit: avg 5/sec burst 5
DROP       all      anywhere             anywhere

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all      anywhere             anywhere           LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT     all      anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
LOG        all      anywhere             anywhere           LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP       all      anywhere             anywhere
so it added code to accept anything from anywhere... (not secure)
but it also added fe80::/64 considered unsafe according to kamil, but it was the final step to make ipv6 browsable again

in the end the current firewall is not complete imo