Bug ID 512609: Firewall rules specifying wildcard IPv6 addresses match IPv4 addresses

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3

Opened: Mar 16, 2015

Severity: 2-Critical

Symptoms

A Firewall Rule with Src/Dst = ::/0 (or 0::0/0) matches any IPv6 traffic, which is correct, but also matches any IPv4 traffic, which is incorrect.

Impact

IPv4 traffic matches firewall rules that specify a wildcard IPv6 address.

Conditions

A Network Firewall Rule with a wildcard IPv6 source or destination address (::0 or 0::0/0).

Workaround

None

Fix Information

A Firewall Rule with Src/Dst = ::/0 (or 0::0/0) no longer incorrectly matches any IPv4 traffic.
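
An added example (not F5 code): a Python check that flags rules with a wildcard IPv6 source or destination on the affected versions listed above, and gives the address-family-aware result a fixed system should produce for a probe address. The rule dictionaries and function names are assumptions for illustration, not BIG-IP configuration syntax; treating a bare `::0` as a wildcard follows the spelling in Conditions.

```python
import ipaddress

# Affected versions as listed on this page.
AFFECTED = {"11.6.0", "11.6.0 HF1", "11.6.0 HF2", "11.6.0 HF3", "11.6.0 HF4"}

def is_v6_wildcard(text):
    """True for ::/0, 0::0/0 and the bare ::0 spelling the page lists."""
    text = text.strip()
    net = ipaddress.ip_network(text, strict=False)
    if net.version != 6:
        return False
    # Assumption: a bare unspecified address (no prefix length) means "any".
    bare_unspecified = "/" not in text and net.network_address.is_unspecified
    return net.prefixlen == 0 or bare_unspecified

def expected_match(rule_addr, packet_addr):
    """Family-aware match: an IPv6 rule address never matches an IPv4 packet."""
    ip = ipaddress.ip_address(packet_addr)
    if is_v6_wildcard(rule_addr):
        return ip.version == 6
    net = ipaddress.ip_network(rule_addr.strip(), strict=False)
    return ip.version == net.version and ip in net

def audit(rules, version):
    """Return names of rules exposed to the bug on an affected version."""
    if version not in AFFECTED:
        return []
    return [r["name"] for r in rules
            if is_v6_wildcard(r["src"]) or is_v6_wildcard(r["dst"])]

# Constructed sample rules (generic dictionaries, not BIG-IP syntax).
RULES = [
    {"name": "allow_v6_any", "src": "::/0", "dst": "2001:db8::/32"},
    {"name": "allow_v6_alt", "src": "2001:db8::/32", "dst": "0::0/0"},
    {"name": "allow_v4_lan", "src": "192.0.2.0/24", "dst": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for version in ("11.6.0 HF3", "11.6.0 HF5"):
        print(version, "->", audit(RULES, version))
    # Lab probes: the IPv4 one must not hit the IPv6 wildcard rule.
    for probe in ("2001:db8::10", "198.51.100.7"):
        print(probe, "expected to match ::/0:", expected_match("::/0", probe))
```

Comparing `expected_match` against the rule hit observed for the same probe on a test device shows whether the installed version still exhibits the symptom.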

Behavior Change
