From e4761ef21b951856b27fe158ca8649f24ae82faa Mon Sep 17 00:00:00 2001
From: "Matthew R. Kasun"
Date: Mon, 12 Sep 2022 15:11:19 -0400
Subject: [PATCH] add check in nft rules for dual stack internet gateway

---
 logic/gateway.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/logic/gateway.go b/logic/gateway.go
index 446bb34f..83148b95 100644
--- a/logic/gateway.go
+++ b/logic/gateway.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "net"
 "strings"
 "time"
@@ -334,6 +335,9 @@ func firewallNFTCommandsCreateEgress(networkInterface string, gatewayInterface s
 postUp += "nft 'add chain ip nat prerouting { type nat hook prerouting priority 0 ;}' ; "
 postUp += "nft 'add chain ip nat postrouting { type nat hook postrouting priority 0 ;}' ; "
 for _, networkCIDR := range gatewayranges {
+ if net.ParseIP(networkCIDR).To16() != nil {
+ continue
+ }
 postUp += "nft add rule nat postrouting iifname " + networkInterface + " oifname " + gatewayInterface + " ip saddr " + networkCIDR + " masquerade ; "
 }
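Review bot: The added guard in the `gatewayranges` loop cannot do what the subject line intends, because `net.ParseIP` returns nil for any string carrying a prefix length, and `net.IP(nil).To16()` is also nil, so for CIDR entries (which the variable name and the `ip saddr` rule suggest these are) the `continue` never fires; for a bare address it fires for IPv4 as well, since `To16` returns a 16-byte form for IPv4 addresses too. The rule is added to the `ip` (IPv4) nat table, so the check should parse the CIDR and skip anything that is not IPv4: `if ip, _, err := net.ParseCIDR(networkCIDR); err != nil || ip.To4() == nil { continue }`. That form also rejects unparsable entries before they are concatenated into the `postUp` shell command string on the next line, which is a useful sanity check given the value is interpolated verbatim. If `gatewayranges` may legitimately hold bare addresses as well as CIDRs, fall back to `net.ParseIP` when `ParseCIDR` fails rather than dropping the entry. The body of firewallNFTCommandsCreateEgress continues outside the hunk.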