Filter traffic from IPv4 to IPv6 and vice versa

Question

I've tried to filter (using nftables, but I'm open for a change if it works using iptables) traffic coming from an IPv4 network to an IPv6 network, but can't figure out how to do it.

Suppose I have a file with this rule:

table inet filter {
    chain networkfilter {
        type filter hook input priority 0; policy accept;
        ip saddr 10.1.0.0/16 ip6 daddr fd00:0:0:1::/64 drop
    }
}

When I try to load it using nft -f notworking.nftables it gives me the following message:

notworking.nftables:4:30-38: Error: conflicting protocols specified: ip vs. ip6
ip saddr 10.1.0.0/16 ip6 daddr fd00:0:0:1::/64 drop
                      ^^^^^^^^^

How do I properly filter between networks of different IP versions?

score 2 · Answer 1 · answered May 21 '18 at 22:37

2

There is neither a possibility nor a need to filter traffic between IPv4 and IPv6, because such traffic does not exist. Network packets originating from an IPv4 interface cannot be addressed to an IPv6 destination address or vice versa.

answered May 21 '18 at 22:37

Tilman Schmidt

3,778
10
23

Filter traffic from IPv4 to IPv6 and vice versa

1 Answers1