IPv6 Neighbor Discovery Protocol on Cisco Router

Hello David

The FILTER-IPv6 access list that you have created permits the NDP messages, that is, NAs and NSes; however, it will block any RAs and RSes that are sent. You also have to keep the following principle in mind:

An access list applied in an outward direction on an interface will not filter outgoing traffic that is generated by the local router. Take a look at this NetworkLessons note on the topic.

I assume that you have applied the ACL in an outbound direction on Gi0/0 on H1. This means that RSes sent from H1 are not filtered. Similarly, since it is applied in an outbound direction, any RAs sent from the router will freely enter the Gi0/0 interface.

Just to be sure, I labbed this up and confirmed this. I tried denying all traffic and applied the access list in both inbound and outbound directions, and the SLAAC process failed. I removed the inbound ACL and all worked perfectly.

Just a note here: if you want to permit RAs and RSes through an access list you are creating, you can use the following ACL statements:

permit icmp any any router-advertisement
permit icmp any any router-solicitation

I hope this has been helpful!

Laz
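
The inbound case discussed in the reply, as an added configuration example (not from the original post or from David's lab): an IPv6 ACL applied inbound on a SLAAC client interface that ends in an explicit logged deny. The ACL name SLAAC-HOST-IN and the entry order are assumptions; only the Gi0/0 interface and the RA/RS statements come from the thread.

```cisco
! Constructed example: inbound IPv6 filter on the SLAAC client (H1, Gi0/0).
ipv6 access-list SLAAC-HOST-IN
 remark RAs must arrive inbound for SLAAC; RFC 4861 requires a link-local source
 permit icmp FE80::/10 any router-advertisement
 remark RSes are sent by H1 itself; inbound permit only matters if other nodes solicit this device
 permit icmp any any router-solicitation
 remark NS/NA: the explicit deny below is matched before the implicit ND permits,
 remark so neighbor discovery has to be permitted explicitly here
 permit icmp any any nd-ns
 permit icmp any any nd-na
 remark Log everything else so dropped ICMPv6 is visible during troubleshooting
 deny ipv6 any any log
!
interface GigabitEthernet0/0
 ipv6 address autoconfig
 ! Inbound is the direction that affects received RAs; an outbound filter
 ! does not touch the RSes this router generates locally.
 ipv6 traffic-filter SLAAC-HOST-IN in
```

After applying it, `show ipv6 access-list SLAAC-HOST-IN` shows per-entry match counters, and `show ipv6 interface GigabitEthernet0/0` confirms whether an autoconfigured address was formed.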