I believe a reasonable compromise is to allow any source UDP port and
force the destination and source IP addresses to be link-local addresses.
It is _very_ unlikely that a link-local address is not used by both
server and client as it requires a previously agreed upon IP to be used
which for most residential ISP customers is not going to happen: if you
are already agreeing on some static IP address, then why not just use
static IPs? This does violate RFC 8415, but it violates it in a lesser
way than enforcing the UDP source port. I know that RFC 3203 allows DHCP
servers to send uniform FORCERENEW packets, but I am not aware of such a
mechanism for DHCPv6. If there is, then you certainly should not filter
on IP address either. By forcing link-local addresses, I believe you
will prevent forwarded packets too.
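
As an added illustration, not part of the original message, the following Python models the two filter policies compared above: enforcing the UDP source port versus the proposed compromise of allowing any source port but requiring link-local source and destination addresses. The packets are constructed samples; `Packet` and the two filter functions are names chosen here, not from any real firewall.

```python
import ipaddress
from dataclasses import dataclass

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
DHCPV6_CLIENT_PORT = 546  # RFC 8415: clients listen on UDP 546
DHCPV6_SERVER_PORT = 547  # RFC 8415: servers and relays listen on UDP 547


@dataclass(frozen=True)
class Packet:
    """Minimal view of an inbound UDP/IPv6 datagram (constructed for this example)."""
    src: str
    dst: str
    sport: int
    dport: int


def strict_port_filter(pkt: Packet) -> bool:
    """Port-enforcing policy: accept only 547 -> 546, addresses unchecked."""
    return pkt.sport == DHCPV6_SERVER_PORT and pkt.dport == DHCPV6_CLIENT_PORT


def link_local_filter(pkt: Packet) -> bool:
    """Proposed compromise: any source port, but both addresses must be fe80::/10.
    Unparsable or non-IPv6 addresses fail closed."""
    if pkt.dport != DHCPV6_CLIENT_PORT:
        return False
    try:
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
    except ValueError:
        return False
    return src in LINK_LOCAL and dst in LINK_LOCAL


# Constructed samples: a normal reply, a reply from a non-standard source
# port, and a packet forwarded from a global (documentation-prefix) address.
SAMPLES = {
    "normal":      Packet("fe80::1", "fe80::2", 547, 546),
    "odd_sport":   Packet("fe80::1", "fe80::2", 1234, 546),
    "forwarded":   Packet("2001:db8::1", "fe80::2", 547, 546),
    "ipv4_src":    Packet("192.0.2.1", "fe80::2", 547, 546),
}


def evaluate(samples: dict = SAMPLES) -> dict:
    """Return {name: (strict_verdict, link_local_verdict)} for each sample."""
    return {n: (strict_port_filter(p), link_local_filter(p)) for n, p in samples.items()}


if __name__ == "__main__":
    for name, (strict, compromise) in evaluate().items():
        print(f"{name:10s} strict={strict!s:5s} link_local={compromise}")
```

The "odd_sport" row shows the case the port check breaks, and the "forwarded" row shows what the link-local check blocks that the port check lets through.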