When web browsing IPv6 sites through an IPv4 tunnel (HE, specifically), all of the reply packets seem to skip the "—state RELATED,ESTABLISHED" rule in the FORWARD chain (to the requesting station).
Is this a kernel issue with conntrack for IPv6 (apparently a problem in earlier kernel revs than Tomato's), or just my misunderstanding of how this should work with a 6-in-4 connection setup (which makes firewalling stations on the LAN at the router, shall we say, "interesting" :) ?
Rodney