All IPv6 Traffic allowed when no IPv6 address/prefix defined in ACL destination #2117

@kokel

Description

Describe the bug
We use dual-stack, but have mainly ACL destinations with only IPv4 addresses.
These ACLs are translated into an allow-all nft rule. I have seen issue #1868 and understand that this bug was fixed in 1.6.2, but we're using defguard core version 1.6.4 and defguard gateway version 1.6.3 and can see in the nft rules that the bug still exists.

To Reproduce
Steps to reproduce the behavior:
Create a location with ACL enabled and default policy deny.
Specify an IPv6 address on the location settings.
Create an ACL rule with only IPv4 destinations.

Expected behavior
This ACL should not create the rule for ip6 saddr unless IPv6 destinations are specified in the ACL, so that the rule can include an ip6 daddr.

Version information

  • Defguard Core version: v1.6.4
  • Defguard Gateway version: v1.6.3
  • Operating system and version running the gateway: Debian 13

Additional context

ip saddr { 10.0.0.2-10.0.0.21 } ip daddr { 192.168.0.8/31 } ip protocol icmp counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip saddr { 10.0.0.2-10.0.0.21 } ip daddr { 192.168.0.8/31 } tcp dport { 123 } counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip saddr { 10.0.0.2-10.0.0.21 } ip daddr { 192.168.0.8/31 } udp dport { 123 } counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip6 saddr { 2a00:mask:c0::2-2a00:mask:c0::15 } ip6 nexthdr icmp counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip6 saddr { 2a00:mask:c0::2-2a00:mask:c0::15 } tcp dport { 123 } counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip6 saddr { 2a00:mask:c0::2-2a00:mask:c0::15 } udp dport { 123 } counter packets 23 bytes 2208 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
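The over-broad translation shown above can be caught mechanically before it reaches a gateway. The following is an added example, not code from the issue or from the defguard project: a small lint that reads `nft list ruleset` output and flags every accept rule that matches a source address set but carries no daddr match, i.e. a rule that admits the matched sources to any destination of that address family. The sample ruleset is the six lines quoted in the issue (with the reporter's redacted "mask" prefix kept as is); the function names and the per-ACL summary format are assumptions of this example.

```python
import re
import sys

# The six rules quoted in the issue, verbatim (the IPv6 prefix is redacted as
# "mask" in the report itself).  Embedded as a string so the lint runs offline.
SAMPLE_RULES = """\
ip saddr { 10.0.0.2-10.0.0.21 } ip daddr { 192.168.0.8/31 } ip protocol icmp counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip saddr { 10.0.0.2-10.0.0.21 } ip daddr { 192.168.0.8/31 } tcp dport { 123 } counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip saddr { 10.0.0.2-10.0.0.21 } ip daddr { 192.168.0.8/31 } udp dport { 123 } counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip6 saddr { 2a00:mask:c0::2-2a00:mask:c0::15 } ip6 nexthdr icmp counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip6 saddr { 2a00:mask:c0::2-2a00:mask:c0::15 } tcp dport { 123 } counter packets 0 bytes 0 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
ip6 saddr { 2a00:mask:c0::2-2a00:mask:c0::15 } udp dport { 123 } counter packets 23 bytes 2208 accept comment "ACL 54 - Allow NTP, ALIAS 60 - Internal NTP ALLOW"
"""

# "ip saddr { ... }", "ip6 daddr { ... }" and friends; "ip protocol icmp" and
# "ip6 nexthdr icmp" deliberately do not match, they are not address selectors.
ADDR_MATCH_RE = re.compile(r'\b(ip6?) (saddr|daddr) \{([^}]*)\}')
VERDICT_RE = re.compile(r'\b(accept|drop|reject)\b')
COMMENT_RE = re.compile(r'comment "([^"]*)"')


def parse_rule(line):
    """Extract family, saddr, daddr, verdict and comment from one ruleset line."""
    # Only look for the verdict in the part before the comment, so a comment
    # text such as "... ALLOW" or "... accept all" cannot be mistaken for one.
    body, _, _tail = line.partition(" comment ")
    rule = {"family": None, "saddr": None, "daddr": None,
            "verdict": None, "comment": None, "raw": line}
    for m in ADDR_MATCH_RE.finditer(body):
        rule["family"] = m.group(1)          # "ip" or "ip6"
        rule[m.group(2)] = m.group(3).strip()  # the set contents
    verdict = VERDICT_RE.search(body)
    if verdict:
        rule["verdict"] = verdict.group(1)
    comment = COMMENT_RE.search(line)
    if comment:
        rule["comment"] = comment.group(1)
    return rule


def _rules(ruleset_text):
    for line in ruleset_text.splitlines():
        line = line.strip()
        if line:
            yield parse_rule(line)


def find_open_destination_rules(ruleset_text):
    """Return every accept rule that selects a source set but no destination.

    Such a rule admits the matched sources to *any* address of that family,
    which is the allow-all translation the issue reports for the ip6 rules.
    """
    return [r for r in _rules(ruleset_text)
            if r["verdict"] == "accept" and r["saddr"] and not r["daddr"]]


def summarize_by_acl(ruleset_text):
    """Per ACL comment, report whether each address family is destination-scoped.

    Result shape: {comment: {"ip": bool, "ip6": bool}}.  A family is True only
    when every accept rule for it carries a daddr match.
    """
    summary = {}
    for r in _rules(ruleset_text):
        if r["verdict"] != "accept" or not r["family"]:
            continue
        fams = summary.setdefault(r["comment"], {})
        scoped = r["daddr"] is not None
        fams[r["family"]] = fams.get(r["family"], True) and scoped
    return summary


if __name__ == "__main__":
    # Usage: nft list ruleset > rules.txt && python3 nft_lint.py rules.txt
    # Without an argument the embedded sample from the issue is checked.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    for r in find_open_destination_rules(text):
        print(f'OPEN DESTINATION ({r["family"]}): {r["raw"]}')
    for comment, fams in summarize_by_acl(text).items():
        print(f"{comment}: {fams}")
```

On the sample above the lint reports the three ip6 rules and summarizes ACL 54 as destination-scoped for ip but not for ip6, which is exactly the asymmetry the reporter expects the gateway not to produce. Running it against a live `nft list ruleset` dump after an upgrade is a quick way to confirm whether the fix from #1868 actually took effect on a given gateway.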

Metadata

Labels: bug (Something isn't working)
Status: Ready to release