diff --git a/CHANGELOG.md b/CHANGELOG.md
index a0cf3821..7a276ffc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,8 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 ### Fixed
 
+- Support for link-local subnets, i.e. `fe80::/16`, in the access settings
+  ([#6192]).
 - The ability to apply an invalid configuration for private RDNS, which led to
   server inoperability.
 - Ignoring query log for clients with ClientID set ([#5812]).
@@ -40,6 +42,7 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 [#5345]: https://github.com/AdguardTeam/AdGuardHome/issues/5345
 [#5812]: https://github.com/AdguardTeam/AdGuardHome/issues/5812
+[#6192]: https://github.com/AdguardTeam/AdGuardHome/issues/6192
 [#6854]: https://github.com/AdguardTeam/AdGuardHome/issues/6854
 [#6875]: https://github.com/AdguardTeam/AdGuardHome/issues/6875
 
diff --git a/internal/dnsforward/access.go b/internal/dnsforward/access.go
index c4d6c591..c6c6beab 100644
--- a/internal/dnsforward/access.go
+++ b/internal/dnsforward/access.go
@@ -156,7 +156,10 @@ func (a *accessManager) isBlockedIP(ip netip.Addr) (blocked bool, rule string) {
 	}
 
 	for _, ipnet := range ipnets {
-		if ipnet.Contains(ip) {
+		// Remove zone before checking because prefixes stip zones.
+		//
+		// TODO(d.kolyshev):  Cover with tests.
+		if ipnet.Contains(ip.WithZone("")) {
 			return blocked, ipnet.String()
 		}
 	}