TODO
SSH to your UDM
ssh root@<udm ip address>
<enter the password you set when prompted>
Configure the IPv6 Tunnel - You get the addresses from the Tunnel Details page on TunnelBroker
ip tunnel add he-ipv6 mode sit remote <server ipv4 address> local <client ipv4 address> ttl 255
ip link set he-ipv6 up
ip addr add <client ipv6 address> dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
Test Connectivity from UDM
ping 2600::
Setup Address Allocation
TODO
So, if you want ANY firewall rules to be applied to your ipv6 tunnel, you have to do a few things: run the configure-he-ipv6-chains.sh script, AND in order to ensure the rules survive when changes are made via the user interface, setup the cron job that checks for changes and re-applies the rules.
And in order to make sure things (including the cron job) persist beyond a reboot, you'll need to use the on-boot.d scripts
Once those are all running, you can just make firewall rules and changes as you normally would in the user interface, and then wait up to 1 minute for them to be applied to the tunnel.