diff --git a/roles/base/templates/iptables/ip6tables b/roles/base/templates/iptables/ip6tables
index a1b9e3053c..987eed331a 100644
--- a/roles/base/templates/iptables/ip6tables
+++ b/roles/base/templates/iptables/ip6tables
@@ -14,9 +14,11 @@
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 # Established connections allowed
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# allow dhcp6d from aws
+-A INPUT -d fe80::/64 -p udp -m udp --dport 546 --sport 547 -j ACCEPT
+
 # if the blocked_ips is defined - drop them
 {% if blocked_ip_v6 is defined %}
 {% for ip in blocked_ip_v6 %}
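Review bot: The added `-A INPUT -d fe80::/64 -p udp -m udp --dport 546 --sport 547 -j ACCEPT` rule constrains only the destination and the ports, so any on-link sender that uses source port 547 can reach UDP 546 on the host. DHCPv6 replies normally arrive from the server's or relay's link-local address, so the source can be pinned too: `-A INPUT -s fe80::/10 -d fe80::/64 -p udp -m udp --sport 547 --dport 546 -j ACCEPT` (worth confirming against the replies actually seen on an AWS host). The rule also sits above the `blocked_ip_v6` drop loop, whose body continues outside the hunk, so it is evaluated before those drops. The comment could state what is admitted, e.g. `# allow DHCPv6 server replies (udp 547 -> 546) to our link-local address`, and since this template lives in the base role the rule appears to apply to non-AWS hosts as well.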