Daniel De Graaf wrote: > ip6tables-save outputs the source and destination IPs when it is not > needed. This > is caused by an incorrectly copied check from iptables-save. Example > output: > -A INPUT -s ::/0 -d ::/0 -i lo -j ACCEPT instead of just -A INPUT -i > lo -j ACCEPT > > This patch will not output the address if the mask length is zero. > > - Daniel De Graaf > > Index: ip6tables-save.c > =================================================================== > --- ip6tables-save.c (revision 6699) > +++ ip6tables-save.c (working copy) > @@ -125,7 +125,7 @@ > char buf[51]; > int l = ipv6_prefix_length(mask); > > - if (!mask && !ip) > + if (l == 0) They both seem wrong since they ignore inversion (-s !0/0). I've committed this patch instead.
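Review bot: The new condition `if (l == 0)` tests only the prefix length, so an inverted zero-length match (the `-s !0/0` case raised in the reply) is suppressed along with the plain `::/0` one. A ruleset that is saved and then restored would lose that match, and a rule that selected no source would come back selecting every source. Suggest making the inversion state available to this check and skipping the output only when `l == 0` and the address is not inverted. Since `l` comes from `ipv6_prefix_length(mask)`, a short comment stating what that function returns for a mask that is not a contiguous prefix would also show that the `== 0` test cannot hide a non-trivial mask.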