How to allow all IPv6 network traffic but also only allow specific IPv4 traffic

Article ID: 169490

Products

Critical System Protection, Data Center Security Monitoring Edition, Data Center Security Server, Critical System Protection Client Edition, Data Center Security Server Advanced

Issue/Introduction

The default setup currently blocks anything that is not specifically allowed. You now need to allow all IPv6 traffic while blocking most IPv4 traffic and allowing only certain IPv4 addresses.

Resolution

The address 0000:0000:0000:0000:0000:0000:0000:0000/96 will match IPv4 addresses but not most IPv6 addresses.

The IPv6 address ::1 (localhost) will also be matched by the above address parameter, so 127.0.0.1 and ::1 should be handled explicitly before the rule that uses 0000:0000:0000:0000:0000:0000:0000:0000/96.

To allow all IPv6 and allow some IPv4:

  1. Set the rule to Allow by default.
  2. Add the specific IPv4 allow rules to allow the specific IPv4 addresses.
  3. Below the IPv4 allow rules, create a deny rule for 0000:0000:0000:0000:0000:0000:0000:0000/96.
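
The following Python model is an added example, not the product's code or rule syntax; it can be used to sanity-check a planned rule order before entering it in the policy. It assumes first-match evaluation and that an IPv4 address is compared as an IPv6 value with the upper 96 bits zero, which is consistent with the matching behaviour described above. The function names, the loopback action (allow) and the IPv4 entries (documentation ranges) are constructed for illustration.

```python
import ipaddress

def as_v6(addr):
    """Assumption: IPv4 is compared as an IPv6 value with the upper 96 bits zero."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.IPv6Address(int(ip)) if ip.version == 4 else ip

def as_v6_net(spec):
    """Widen an IPv4 address or CIDR to the equivalent prefix inside ::/96."""
    net = ipaddress.ip_network(spec, strict=False)
    if net.version == 6:
        return net
    base = ipaddress.IPv6Address(int(net.network_address))
    return ipaddress.ip_network(f"{base}/{96 + net.prefixlen}")

def evaluate(rules, addr, default="allow"):
    """Assumption: first matching rule wins; otherwise the default (step 1) applies."""
    ip = as_v6(addr)
    for action, spec in rules:
        if ip in as_v6_net(spec):
            return action
    return default

# Constructed rule set, in the order the article describes.
LOOPBACK = [("allow", "127.0.0.1"), ("allow", "::1")]           # handled explicitly first
IPV4_ALLOW = [("allow", "192.0.2.10"), ("allow", "198.51.100.0/24")]  # step 2 (placeholders)
DENY_V4 = [("deny", "0000:0000:0000:0000:0000:0000:0000:0000/96")]   # step 3
RULES = LOOPBACK + IPV4_ALLOW + DENY_V4

if __name__ == "__main__":
    samples = ["192.0.2.10", "198.51.100.77", "203.0.113.5",
               "2001:db8::1", "fe80::1", "127.0.0.1", "::1"]
    for a in samples:
        print(f"{a:15} -> {evaluate(RULES, a)}")
    # Without the explicit loopback rules, ::1 falls into the /96 deny rule.
    print("::1 without loopback rules ->", evaluate(IPV4_ALLOW + DENY_V4, "::1"))
```
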