Difference between 0.0.0.0/0 and ::/0 in access control lists

Question

When setting up access control lists, what's the difference between 0.0.0.0/0 and ::/0?

I'm seeing this for an AWS EC2 instance I'm setting up

score 30 · Accepted Answer · edited Sep 20 '17 at 13:38

30

0.0.0.0/0 is the IPv4 everything - all possible IPv4 addresses.
::/0 is the IPv6 equivalent of that.

You can, for example, allow IPv4 and disallow IPv6 or vice versa.

@kasperd mentions:

It should be noted that depending on implementation ::/0 can mean either all IPv6 addresses or all IPv4 and IPv6 addresses. That's because IPv4 addresses can be mapped into IPv6 addresses ::ffff:0:0/96

More info on IPv6 is here.

edited Sep 20 '17 at 13:38

psmears

330
1
6

answered Sep 19 '17 at 11:38

bocian85

822
5
10

11

It should be noted that depending on implementation `::/0` can mean either all IPv6 addresses or all IPv4 and IPv6 addresses. That's because IPv4 addresses can be mapped into IPv6 addresses `::ffff:0:0/96`. – kasperd Sep 19 '17 at 17:09
Any idea in what context EC2 uses it? Would be good to know. – Hassan Baig Sep 19 '17 at 18:42
Isn't that just a firewall ? By default everything should be allowed from anywhere. If you remove those rules before adding your public subnets you might loose connectivity to the instances. – bocian85 Sep 20 '17 at 11:26
I believe Amazon implementation follows: 0.0.0.0/0 for IPv4 everything and ::/0 for IPv6 – Marco Rivadeneyra Jan 31 '19 at 14:15

score 7 · Answer 2 · answered Sep 19 '17 at 11:37

7

0.0.0.0/0 is IPv4 and ::/0 is the default route address for IPv6 covering all addresses.

answered Sep 19 '17 at 11:37

deagh

1,969
5
18
16

Difference between 0.0.0.0/0 and ::/0 in access control lists

2 Answers2