The reason for not supporting IPv6 in the firewall-mode is two fold:
1. Firewall today simply stores classless IP address rules as strings in a sqlite table fronted by a lfu cache backed by a typical hash-map. With IPv6, I'd imagine, this won't scale. So, we need a more economical in-memory data-structure (like a crit-bit trie [0] or an art tree [1]).
2. Apparently LwIP has problems with HappyEyeballs (I personally never saw it, but got a couple of reports from users about it that it was an unrecoverable error once the connectivity was lost, and the firewall had to be restarted to get internet back up). We're in the process of replacing LwIP with gvisor/netstack now [2], just to get IPv6 support back on track.
---
That said, I'd imagine the app should work just fine over IPv6-only networks thanks to 464xlat [3]. I may be wrong, because I've never tested it on a IPv6-only network with support for it.
In the dns-only mode, IPv6 should work.
The reason for not supporting IPv6 in the firewall-mode is two fold:
1. Firewall today simply stores classless IP address rules as strings in a sqlite table fronted by a lfu cache backed by a typical hash-map. With IPv6, I'd imagine, this won't scale. So, we need a more economical in-memory data-structure (like a crit-bit trie [0] or an art tree [1]).
2. Apparently LwIP has problems with HappyEyeballs (I personally never saw it, but got a couple of reports from users about it that it was an unrecoverable error once the connectivity was lost, and the firewall had to be restarted to get internet back up). We're in the process of replacing LwIP with gvisor/netstack now [2], just to get IPv6 support back on track.
---
That said, I'd imagine the app should work just fine over IPv6-only networks thanks to 464xlat [3]. I may be wrong, because I've never tested it on a IPv6-only network with support for it.
[0] https://github.com/agl/critbit
[1] http://www.hariguchi.org/art/art.pdf
[2] https://github.com/celzero/firestack/issues/3
[3] https://sites.google.com/site/tmoipv6/464xlat