The protection offered by a firewall is even more important to sites that use IPv6 because IPv6 does not offer NAT functionality. Therefore, a firewall is the only way to protect an IPv6 network.

Note that IPv4 firewall rules and IPv6 firewall rules are completely independent. IPv4 packets are not inspected by rules in IPv6 rule sets, and IPv6 rules are not inspected by rules in IPv4 rule sets. IPv4 and IPv6 packets are not inspected by rules in the table of the other IP version; IPv6 packets are inspected only by the rules in the IPv6 filter table, while IPv4 packets are inspected only by the rules in the IPv4 filter table.

In general, IPv6 support for firewall parallels that for IPv4 firewall. Some IPv4-specific parameters do not apply to IPv6 firewalls, and conversely. For example, ICMP has an IPv6-specific version: ICMP for IPv6. The IPv6 firewall has the icmpv6 keyword available for the protocol filtering option, but the icmp keyword is not supported.