IPv6 Country Block WAN to LAN strangeness

Hello,

Since the XG Firewall does not have countries for IPv6, I have created my own countries based on published IPv6 address ranges, which can be found here: https://www.ipdeny.com/

I created a LAN to WAN rule to block access to a country and a WAN to LAN rule to block incoming connections.  I based these rules on the guide available for IPv4 country blocking but using the IPv6 addresses for the country instead of the country names.  My IPv4 country blocking rules work perfectly fine without interrupting wanted traffic, so I figured my IPv6 rule would too.

My IPv6 LAN to WAN rule registers no traffic.  It is 100% unused, which is reasonable since that means that there is likely no traffic to drop.  The WAN to LAN firewall rule registers incoming and outgoing traffic which is similar to how my IPv4 country blocking works (no strangeness there).

Then I discovered that I no longer had any IPv4 connections.  When I disable the WAN to LAN IPv6 blocking rule, my IPv4 starts working again.  For some reason, the IPv6 WAN to LAN drop rule drops IPv4 traffic.

This has completely perplexed me.

I can understand the IPv6 rule blocking IPv6 traffic, but how does it interfere with IPv4 traffic?  Specifically, my DNS server cannot resolve any domains if the list of servers includes IPv4 addresses.  It will only resolve domains when I remove the IPv4 addresses from the DNS server list and use only IPv6 addresses.  If I disable the IPv6 WAN to LAN rule, my DNS server resolves domains using a list of both IPv4 and IPv6 DNS servers.

I should add that I am using an internal DNS server configured to use DNS-over-TLS.

I am running: SFVH (SFOS 21.0.0 GA-Build169)



Added TAGs
[edited by: Raphael Alganes at 7:17 AM (GMT -8) on 19 Nov 2024]
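One check that can be run on a downloaded range list before it is imported as custom IPv6 hosts, given here as an added example that is not part of the original post: it rejects entries that are not clean IPv6 networks or that would cover far more than one country. The one-CIDR-per-line layout, the `MIN_PREFIXLEN` threshold and the name `audit_zone` are assumptions, and the sample data is constructed from documentation prefixes.

```python
import ipaddress

# Constructed sample in the assumed one-CIDR-per-line layout.
SAMPLE_ZONE = """\
# constructed sample, not real country data
2001:db8::/32
2001:db8:1234::/48
192.0.2.0/24
::ffff:0:0/96
::/0
2001:db8:zz::/48
2001:db8::1/32
"""

V4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")  # IPv4-mapped IPv6 space
MIN_PREFIXLEN = 16  # assumed threshold: broader than /16 is suspicious for one country


def audit_zone(text):
    """Return (collapsed IPv6 networks, [(line_no, entry, reason), ...])."""
    accepted, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 2001:db8::1/32
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            rejected.append((line_no, entry, f"invalid: {exc}"))
            continue
        if net.version != 6:
            rejected.append((line_no, entry, "IPv4 entry in IPv6 list"))
        elif net.prefixlen < MIN_PREFIXLEN:
            rejected.append((line_no, entry, "prefix too broad"))
        elif net.overlaps(V4_MAPPED):
            rejected.append((line_no, entry, "covers IPv4-mapped space"))
        else:
            accepted.append(net)
    # Merge nested and adjacent prefixes so the imported host list stays small.
    return list(ipaddress.collapse_addresses(accepted)), rejected


if __name__ == "__main__":
    networks, problems = audit_zone(SAMPLE_ZONE)
    for net in networks:
        print("import:", net)
    for line_no, entry, reason in problems:
        print(f"line {line_no}: {entry!r} rejected ({reason})")
```
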