ipfilter.dat - 6to4/teredo support

Applying ipv4 ipfilters to 6to4 and Teredo ipv6 addresses would be a good feature.

For example, if 213.114.104.123 is banned in ipfilter.dat, all connections from 2002:d572:687b:* and 2001::*:2a8d:9784 should also be disallowed.

How are the IPs encoded in 6to4 addresses?

We already have the logic for detecting ipv4 addresses in Teredo to avoid duplicate connections, so it wouldn't be hard to add it for at least Teredo.

How are the IPs encoded in 6to4 addresses?

The first group is always 2002.

For an IPv4 address of A.B.C.D, the second group is 256*A + B and the third group is 256*C + D.

ipv4: 213.114.104.123

256*213 + 114 = 54642 = d572 in hexadecimal

256*104 + 123 = 26747 = 687b in hexadecimal

6to4: 2002:d572:687b:*

How do you block an IPv6 range in ipfilter.dat?

Like IPv4 no?

IPv6 subnet with consecutive IPs has the same incrementation so using dash (-) is possible no?

Nope.

In some cases this would be useful, in other cases it would be very annoying. If this was implemented, I for one would like there to be an option to enable/disable it.

Example: Some IPv4 addresses are free traffic for your ISP (peerings your isp has/etc), within that IPv4 space there is a tunnel broker providing free IPv6 connectivity. Et voila, you now have free IPv6 transport to anywhere in the world that is IPv6 enabled, and free IPv4 transit to a select number of hosts (within the IPv4 peering space). One can configure their ipfilter.dat to allow only the IPv4 that is free and block everything else, however one does not want to block any teredo IPv6 address from an IPv6 host whose IPv4 is blocked

And yes, this situation exists...

Is it on the to-do list to block an IPv6 range using ipfilter.dat?