
Plesk Firewall Module: ip6tables/IPv6 problem with outgoing connections.

BoMbY

New Pleskian
Okay, maybe this is a Kernel or Virtuozzo problem, or something like this, because this is running on a vServer - but maybe someone got an idea? These are the ip6tables rules generated by the Plesk Firewall module on my CentOS 6.4 vServer:

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere            state RELATED,ESTABLISHED 
REJECT     tcp      anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset 
DROP       all      anywhere             anywhere            state INVALID 
ACCEPT     all      anywhere             anywhere            
ACCEPT     tcp      2001:4dd0:XXXX::/48  anywhere            tcp dpt:12443 
DROP       tcp      anywhere             anywhere            tcp dpt:12443 
ACCEPT     tcp      2001:4dd0:XXXX::/48  anywhere            tcp dpt:11443 
ACCEPT     tcp      2001:4dd0:XXXX::/48  anywhere            tcp dpt:11444 
DROP       tcp      anywhere             anywhere            tcp dpt:11443 
DROP       tcp      anywhere             anywhere            tcp dpt:11444 
ACCEPT     tcp      2001:4dd0:XXXX::/48  anywhere            tcp dpt:8447 
DROP       tcp      anywhere             anywhere            tcp dpt:8447 
ACCEPT     tcp      2001:4dd0:XXXX::/48  anywhere            tcp dpt:pcsync-https 
ACCEPT     tcp      2001:4dd0:XXXX::/48  anywhere            tcp dpt:cddbp-alt 
DROP       tcp      anywhere             anywhere            tcp dpt:pcsync-https 
DROP       tcp      anywhere             anywhere            tcp dpt:cddbp-alt 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:ftp 
ACCEPT     tcp      2001:4dd0:XXXX::/48  anywhere            tcp dpt:ssh 
DROP       tcp      anywhere             anywhere            tcp dpt:ssh 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:submission 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:urd 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:imaps 
ACCEPT     tcp      2001:4dd0:XXXX::/48  anywhere            tcp dpt:poppassd 
DROP       tcp      anywhere             anywhere            tcp dpt:poppassd 
DROP       tcp      anywhere             anywhere            tcp dpt:mysql 
DROP       tcp      anywhere             anywhere            tcp dpt:postgres 
DROP       tcp      anywhere             anywhere            tcp dpt:ogs-server 
DROP       tcp      anywhere             anywhere            tcp dpt:glrpc 
DROP       udp      anywhere             anywhere            udp dpt:netbios-ns 
DROP       udp      anywhere             anywhere            udp dpt:netbios-dgm 
DROP       tcp      anywhere             anywhere            tcp dpt:netbios-ssn 
DROP       tcp      anywhere             anywhere            tcp dpt:microsoft-ds 
ACCEPT     udp      2001:4dd0:XXXX::/48  anywhere            udp dpt:openvpn 
DROP       udp      anywhere             anywhere            udp dpt:openvpn 
ACCEPT     udp      anywhere             anywhere            udp dpt:domain 
ACCEPT     tcp      anywhere             anywhere            tcp dpt:domain 
ACCEPT     ipv6-icmp    anywhere             anywhere            ipv6-icmp type 134 code 0 
ACCEPT     ipv6-icmp    anywhere             anywhere            ipv6-icmp type 135 code 0 
ACCEPT     ipv6-icmp    anywhere             anywhere            ipv6-icmp type 136 code 0 
ACCEPT     ipv6-icmp    anywhere             anywhere            ipv6-icmp type 137 code 0 
ACCEPT     ipv6-icmp    anywhere             anywhere            ipv6-icmp type 128 code 0 
ACCEPT     ipv6-icmp    anywhere             anywhere            ipv6-icmp type 129 code 0 
DROP       all      anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere            state RELATED,ESTABLISHED 
REJECT     tcp      anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset 
DROP       all      anywhere             anywhere            state INVALID 
ACCEPT     all      anywhere             anywhere            
DROP       all      anywhere             anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere            state RELATED,ESTABLISHED 
REJECT     tcp      anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset 
DROP       all      anywhere             anywhere            state INVALID 
ACCEPT     all      anywhere             anywhere            
ACCEPT     all      anywhere             anywhere

And the problem is, for one, this:

Code:
# ping6 blog.fefe.de
PING blog.fefe.de(2001:4d88:ffff:ffff:d0:b723:863f:2) 56 data bytes
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

And for an outgoing IPv6 HTTP connection, for example:

Code:
# wget blog.fefe.de
--2013-06-21 14:20:22--  http://blog.fefe.de/
Resolving blog.fefe.de... 2001:4d88:ffff:ffff:d0:b723:863f:2, 31.15.64.162
Connecting to blog.fefe.de|2001:4d88:ffff:ffff:d0:b723:863f:2|:80...

The connection just hangs there, and will time out eventually. Like the ACKs are not coming through, or something like that. IPv4 is working fine, and if I purge all ip6tables rules and set INPUT and OUTPUT to ACCEPT, it's working as well. What could this be?

Thanks and Regards,
BoMbY
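
An added example, not part of the original post: a first-match walk over the OUTPUT chain exactly as it is printed above, showing which rule decides an outgoing packet for each conntrack state. It assumes the rules are complete as listed (`ip6tables -L` without `-v` hides interface matches), and the function names are illustrative.

```python
import re

# OUTPUT chain copied from the post's `ip6tables -L` listing.
OUTPUT_LISTING = """\
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all      anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     tcp      anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW reject-with tcp-reset
DROP       all      anywhere             anywhere            state INVALID
ACCEPT     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere
"""

def parse_chain(listing):
    """Return (policy, rules) for one chain of `ip6tables -L` output."""
    lines = listing.strip().splitlines()
    policy = re.search(r"\(policy (\w+)\)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:
        # The "opt" column is empty in this listing, so four fixed fields.
        target, prot, _src, _dst, *extra = line.split()
        extra = " ".join(extra)
        states = re.search(r"state ([A-Z,]+)", extra)
        rules.append({
            "target": target,
            "prot": prot,
            "states": set(states.group(1).split(",")) if states else None,
            # "flags:!FIN,SYN,RST,ACK/SYN" is how "! --syn" is displayed.
            "not_syn": "flags:!FIN,SYN,RST,ACK/SYN" in extra,
        })
    return policy, rules

def first_match(policy, rules, prot, state, syn=False):
    """Walk the chain top-down; return (rule number, verdict) of the first match."""
    for number, rule in enumerate(rules, 1):
        if rule["prot"] not in ("all", prot):
            continue
        if rule["states"] is not None and state not in rule["states"]:
            continue
        if rule["not_syn"] and syn:
            continue
        return number, rule["target"]
    return None, policy  # nothing matched: the chain policy applies

def verdicts(prot, syn=False):
    """Verdict of the listed OUTPUT chain for each conntrack state."""
    policy, rules = parse_chain(OUTPUT_LISTING)
    return {s: first_match(policy, rules, prot, s, syn)
            for s in ("NEW", "ESTABLISHED", "RELATED", "INVALID")}
```

As printed, an outgoing echo request or TCP SYN is only dropped when conntrack classifies it as INVALID. On the host itself, `ip6tables -L OUTPUT -n -v` adds per-rule packet counters and the interface columns that the listing above omits.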
 