I have some questions regarding IPv6.
I would prefer to disable IPv6 on my phone completely but this does not seem to work reliable as the system settings in /proc/sys/net/ipv6/ are changed in the background while wifi is enabled/disabled etc.
So at least I want to make sure that all my app policies also apply to IPv6 and that there is no IPv6 Traffic allowed for apps, which are supposed to be denied internet access.
I am not sure about the meaning of some options/settings:
1) "ipv6 support"
1.1) "disabled" means that AFWall+ ignores any IPv6 traffic and denied apps can bypass the ipv4 policy by using ipv6? Or does afwall+ block any ipv6 traffic in that case?
1.2) "enabled" means that AFWall+ Applies the same policies to ipv6 traffic as tp ipv4 traffic?
2) "only control IPv6 Chains" What does this setting do? What is the difference to enabling "ipv6 support"?
3) I am also wondering that the AFWall+ log only displays blocked ipv4 addresses and no ipv6 addresse at all. (no matter if "ipv6 support" is enabled or disabled) Is IPv6 traffic not logged or does it bypass afwall+?
With IPv6 support disabled I had trouble with CalDAV and CardDAV synchronization. I also could see AppID 1000 being blocked regularly in AFWall+ Logs.
With IPv6 support enabled, CalDAV and CardDAV synchronization suddenly worked without any issue. I also could not see AppID 1000 being blocked anymore.
So it feels like enabling IPv6 supports allows some traffic to invisibly bypass the firewall.
Maybe @ukanth can clarify how IPv6 support is supposed to work?