deny failed: [2001:1be8:3f03:0480:0000:0000:0002:02f3] is one of this servers addresses!
As that im sure that this ip is not used ont this server the ipv6 address on this server that is uses is
2001:1be8:3f03:0480:0000:0000:0002:0213
It looks like it wont block it becouse it is in the same range strangly enough with ipv4 you can for example block 10.0.0.110 if you have 10.0.0.109 on the server.
Just hit this when trying to add a v6 host in the same /64 into the allow list.
CSF seems to be conflating IPs in the same range as being bound on the server, when this isn't the case.
Having an v6 interface of 2a01::101/64 bound (as an example) does not mean that every IP in that /64 is bound to the server any more than 111.222.111.222/24 being bound means that every address in that /24 v4 range is bound to the server.
Adding the entry manually into the allow list circumvents this, but it's definitely a bug in the sanity checking when doing a quick-add.
(awesome work, by the way - only discovered this a week ago, and makes my life a lot easier, particularly with dedicated server customers to try and save them "from themselves" - made sure to take a pass at your tip jar this evening - something I encourage anyone reading this who uses CSF in a commercial environment to do.)