So, if I understand correctly, in IPv6, every machine typically gets permanent/secured IPv6 addresses AND temporary/privacy IPv6 addresses as well.

When I allow, for example, port 443 via an IPv6 Firewall Rule on a certain machine, this only seems to apply to the temporary/privacy IPv6 addresses -- NOT the permanent/secured IPv6 addresses.

Shouldn't ALL the IPv6 addresses of that certain machine find themselves publicly accessible via port 443?

Why are only the temporary/privacy IPv6 addresses being allowed this opening?