Are you using the latest Linux kernel firewall?. Here are some notes I've saved that I use and forget all the time.
I plan to add to this as I do more. Hopefully it helps you work something out one day.

Note: I am using inet tables combining my IPv4 and IPv6 rulesets.

List Tables

sudo nft list table inet filter -n -a
sudo nft list table inet nat -n -a

• -n: numeric
• -a: handle (object handles)

Add a rule

nft insert rule inet filter OUTPUT position 0 icmpv6 type {nd-router-advert} drop

Delete a rule

nft delete rule inet filter OUTPUT handle 41

ICMPv6 Types

Noting some handy IPv6 ICMP types. I use nftables to block RAs when my WAN is down.

• nd-router-advert == 134

tcpdump expressions

• tcpdump -v -i en0 'ip6[40] = 134'