SCIENTIFIC-LINUX-USERS Archives

March 2018

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Date: Wed, 21 Mar 2018 15:55:18 -0500

Hi, thanks for the reply.  There is nothing in the listing of iptables or ip6tables to suggest that's happening.

What I've discovered since posting, and was intending to research more before posting again, is this -

Firewalld's default zone is "drop", icmp-v6 echo requests are going out, and icmp-v6 echo-replies are being dropped.  What's strange is that the drop log message's SRC is my default gateway's ipv6 address.  If I add a direct rule on the INPUT chain for ipv6-icmp to be accepted, everything works as expected.  The ping6 command receives the reply (even if its SRC is the gateway instead of google.com) and thinks all is well.

To me this seems like fishy behavior that does not match what happens under the same configuration and scenario on ipv4.

With the same firewall rules in place, my system blocks inbound ipv4 icmp echo-requests, but I can successfully ping other systems all day long.  I would expect the same behavior with ipv6, but that's not what happens.
