Now I have IPv6 at home, and the OmniOS NAS automatically got a IPV6 address. Ping works, even from WAN side, but otherwise seems to be firewalled properly.

Now my question is: how one supposed to assign/setup ipv6 for the zones?

same as with ipv4 - either manual setup or automatic (stateful - dhcpv6 or stateless - from prefix).

tsoome: do you think it is possible to apply it using zonecfg just like with the exclusive address?

Also for some reason after a couple of hours the main eth interface looses its global ip and have only a link-local ip. MAybe some service is not running to maintain the ipv6 address...

from zonecfg(8): The network address is one of: a valid IPv6 address, which must be followed by "/" and a prefix length;

if you are using address autoconf, then your router should announce prefix - if the zone is connected via virtual network, that network setup should also include ndpd setup to announce respective prefix(es)

I see. Thanks for the hints, I should read the docs. I just never seen any zone config including ipv6 so far.

I am trying with this: in the net section:

allowed-address=["10.0.0.2/24", "fddd::2/64"]

but zadm complains that this is not OK.

I have lost the irc history, so I can't check what you wrote, but the zonecfg manpage says:

"To allow multiple addresses (for example, an IPv4 and IPv6 address), use add net multiple times."

I try that now

szilard: with respect to "after a couple of hours the main eth interface looses its global ip" that may indicate your firewall is blocking something necessary to keep the address live.

are you using dhcpv6 or stateless address autoconfig?

I am using SLAAC

ok, you're probably blocking too much icmpv6

but I am trying to use fixed IPv6 adresses instead, ebcause the prefix is not fix.

if you're using SLAAC, the '-i interface-id' option to 'ipadm create-addr -T autoconf' is really helpful to give services a more-predictable address.

along the lines of "ipadm create-addr -T autoconf -i ::1/64 foo0/v6"

you won't have external connectivity on the unique local address (in fd00::/8) so you'll also need global addresses for that

and that will have to come from your ISP & router.