Currently the default setup is to block anything not specifically allowed. Now you need to allow all IPv6 as well as block most IPv4 and only allow certain IPv4 addresses.
The address 0000:0000:0000:0000:0000:0000:0000:0000/96 will match IPv4 addresses
but not most IPv6 addresses.
The IPv6 address ::1 (localhost ) will be matched by the above address parameter.
So 127.0.0.1 and ::1 should be handled explicitly before the rule that uses 0000:0000:0000:0000:0000:0000:0000:0000/96
To Allow all IPv6 and allow some IPv4: