puppetlabs / puppetlabs-firewall

Puppet Firewall Module
http://forge.puppetlabs.com/puppetlabs/firewall
Apache License 2.0

Add back IPv6 protocol support for recent rule masks #1193

Open 104ru opened 4 months ago

104ru commented 4 months ago

Use Case

I am trying to implement rate limiting with iptables, which uses the recent and mask options in iptables. The module allows such configuration for IPv4, but not IPv6. On IPv6 it would require rules like these:

-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m comment --comment "130 ipv6 ssh defence" -j SSHSCAN
-A SSHSCAN -p tcp -m recent --update --seconds 300 --hitcount 15 --name SSH --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource -m comment --comment "100 log ipv6 attempts" -j LOG --log-prefix "SSH SCAN blocked: " --log-level 7
-A SSHSCAN -p tcp -m recent --update --seconds 300 --hitcount 15 --name SSH --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource -m comment --comment "110 drop ipv6 attacker" -j DROP
-A SSHSCAN -p tcp -m recent --set --name SSH --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource -m comment --comment "120 accept ipv6 connections" -j ACCEPT

The problem is that the module does not support recent/mask for IPv6, only for IPv4. The mask type is defined as Optional[Pattern[/^\d+\.\d+\.\d+\.\d+$/]] and would not accept the IPv6 values.

Describe the Solution You Would Like

Change mask type allowing both IPv4 and IPv6 values.

Describe Alternatives You've Considered

Of course, there are alternative ways of rate limiting not using iptables, but that is the best fit for a few projects I've got.

Additional Context

Interestingly, this limitation to just IPv4 values of the mask was introduced in version 7 of the module. Before that, IPv6 masks were accepted. Thus this request is not so much about adding a new feature as bringing back an old one.
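As an added example (not the module's own code and not part of the issue), the following Ruby, the language of the module's types and providers, shows what the v7 pattern quoted above accepts and rejects, a family-aware check that takes both IPv4 dotted-quad and IPv6 masks as `-m recent --mask` expects, and a helper that builds a mask from a prefix length. The function names are this example's own; the extra `contiguous_mask?` check (rejecting non-contiguous masks such as 255.255.0.255) is an assumption about what a stricter validator might want, not the module's behaviour.

```ruby
require 'socket'
require 'ipaddr'

# The check the module's mask parameter has used since v7 (from the issue):
# Optional[Pattern[/^\d+\.\d+\.\d+\.\d+$/]] -- four dotted decimal groups only.
IPV4_ONLY_MASK = /\A\d+\.\d+\.\d+\.\d+\z/

# True if +mask+ passes the v7 IPv4-only pattern. Any IPv6 mask fails here,
# which is exactly the regression the issue describes.
def v7_mask_valid?(mask)
  !!(mask =~ IPV4_ONLY_MASK)
end

# Family-aware replacement: accept anything that parses as a plain IPv4 or
# IPv6 address literal (no /prefix, since --mask does not take one).
# Returns :ipv4, :ipv6, or nil when the value is not usable as a mask.
def mask_family(mask)
  return nil if mask.include?('/')
  addr = IPAddr.new(mask)
  return :ipv4 if addr.ipv4?
  return :ipv6 if addr.ipv6?
  nil
rescue IPAddr::InvalidAddressError, ArgumentError
  nil
end

# Stricter check (this example's assumption, not the module's rule): the mask
# must be a contiguous netmask, i.e. a run of ones followed by zeros, so a
# typo such as 255.255.0.255 is rejected instead of silently changing which
# source addresses the recent list groups together.
def contiguous_mask?(mask)
  family = mask_family(mask)
  return false unless family
  bits = family == :ipv4 ? 32 : 128
  value = IPAddr.new(mask).to_i
  # Invert within the address width; a contiguous mask inverts to 2^k - 1,
  # and x & (x + 1) == 0 holds only for numbers of that form.
  inverted = (~value) & ((1 << bits) - 1)
  (inverted & (inverted + 1)).zero?
end

# Build a --mask value from a prefix length, e.g. mask_for_prefix(:ipv6, 64)
# gives the /64 mask used to rate-limit a whole IPv6 subscriber prefix rather
# than a single address.
def mask_for_prefix(family, prefix)
  bits = family == :ipv4 ? 32 : 128
  raise ArgumentError, "prefix #{prefix} out of range for #{family}" unless (0..bits).cover?(prefix)
  value = ((1 << prefix) - 1) << (bits - prefix)
  IPAddr.new(value, family == :ipv4 ? Socket::AF_INET : Socket::AF_INET6).to_s
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample masks: the full IPv6 mask from the issue's rules,
  # a plain IPv4 mask, and two values a validator should refuse.
  ["ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", "255.255.255.0",
   "255.255.0.255", "not-a-mask"].each do |m|
    puts format("%-40s v7=%-5s family=%-5s contiguous=%s",
                m, v7_mask_valid?(m), mask_family(m).inspect, contiguous_mask?(m))
  end
  puts mask_for_prefix(:ipv6, 64)
end
```

A mask of all ones (the value in the rules above) makes `-m recent` track each source address separately; a /64 mask instead counts hits per prefix, which is usually what you want for IPv6, where an attacker can rotate through addresses inside one allocation.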

anthonysomerset commented 1 month ago

I've just bumped into this issue, exact same problem.