As the communication via internet is growing very fast, network security becoming the essential need of an organization or user. it include protecting data from unauthorized access, protecting data from damage and implementing policies and procedures for network security breaches and data losses. Due to exhaustion problem of IPv4 addresses we will soon switch over IPv6. To solve this problem we are presenting a Framework of a firewall for IPv6 and IPv4 networks using a field-programmable gate array (FPGA). The FPGA implements, the accept or deny rules of the firewall in Hardware using Verilog Hardware Description Language. A hardware based firewall offers the advantages of speed over a software firewall, in addition to direct interfacing with network devices, such as an Ethernet. This firewall would have the ability to process the data packets based on source and destination TCP/UDP port number, source and destination IPv4 and IPv6 address, and combination of source IP address, and destination port number. Incoming and outgoing IPv6 packets addresses first converted into IPv4 addresses for filtering decisions.
INTRODUCTION
A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. The firewall can be hardware or software, and the protected computer can be a typical PC, network equipment, or embedded device. In all cases, the firewall controls communications to and from devices. It allows or blocks certain types of Internet Protocol (IP) packets based on information contained in the packet, and more specifically in the header of the packet. This information is usually contained in: IP source address, IP destination address, Protocol: Transmission Control Protocol (TCP), User Datagram Protocol (UDP), source port number and destination port number [1] . A firewall can be used as a packet filter. It can forward or block packets based on the information in the network layer and transport layer headers: source and destination IP addresses, source and destination port addresses, and type of protocol (TCP or UDP). A packetfilter firewall is a router that uses a filtering table to decide which packets must be discarded (not forwarded). 
PRIOR WORK
Ayman Kayssi el at. [1] shows design of a firewall for IP networks using a field-programmable gate array (FPGA) The FPGA implements, the accept or deny rules of the firewall in hardware. They make use of static firewall rule list and reflexive firewall rule list to store the rules. a static list of rules that do not change from session to session.They make use of static firewall rule list and reflexive firewall rule list to store the rules. a static list of rules that do not change from session to session. Reflexive firewall rule lists allow IP packets to be filtered based on upper-layer session or connection information. They shows how the rules are translated to VHDL and then implemented in hardware, and how the hardware is utilized to filter network traffic in a packet-by-packet fashion, or based on connection information, with a speed of more than 500,000 packets per second. Rajanish K. Kamat el at. [3] reported a novel design framework for creation of behavioral design. We have examined the opportunities brought about by finite state machines and to harness them into a synthesizable register transfer level (RTL) architecture. We discuss a case study of packet parser its finite state machine (FSM), data path controller architecture and issues related to its Handel-C implementation.
Arief Wicaksana el at. [4] present the architecture of fast and reconfigurable Packet Classification Engine (PCE).This engine is used in FPGA-based firewall. PCE inspects multidimensional field of packet header sequentially based on treebased algorithm. Ethernet packet is examined with PCE based on Source IP Address, Destination IP Address, Source Port, Destination Port, and Protocol fields of the packet header. A rule of firewall is made from combination of some fields from packet header. Rules simplification is approached using an algorithm which uses tree as a basic form; we called it Treebased algorithm. This algorithm simplifies overall system to a lower scale and leads to a more secure system. Raouf Ajami el at. [5] describes the design of a highly customizable hardware packet filtering firewall to be embedded on a network gateway. This firewall has the ability to process the data packets based on source and destination TCP/UDP port number, source and destination IP address range, source MAC address and combination of source IP address, and destination port number. It is capable of accepting configuration changes in real time. A hardware/software co-design is implemented in which the main hardware blocks were built using Verilog Hardware Description Language (HDL). A processor based embedded system with real-time operating system has been designed to achieve highly customized and on the fly configuration change in the firewall. Content Addressable Memory (CAM) was used to improve speed of the packet matching. The whole design has been implemented and evaluated on an Altera FPGA device. All the work which has been done so far is only for IPv4. No one has discussed to implement the IPv6 addresses to IPv4 addresses conversion and vice versa till now. And implement internet firewall for the coming version of IP i.e. IPv6 in FPGA.
FPGA BASED FIREWALL FRAMEWORK FOR IPV6
Here framework for hardware based firewall is given that filter the ipv4 and ipv6 packet on the basis of information contains in packet headers. A hardware based firewall offers the advantages of speed over a software firewall. Given framework will easily implemented using verilog hardware description language. Proposed firewall filter the packets on the basis of IPv4 addresses (32 bit) and port numbers according to the reconfigurable filtering rules stored by the administrator in the rule base. Incoming IPv6 packets header information first converted in IPv4 compatible addresses and then given to the firewall for filtering decisions. 
Packet Buffer
It is a memory (ROM) which stores the whole packet comprising data part and header part.
IP header Extractor
It separates the header part from the data part. And extract the filtering information needed by the filtering unit from the header i.e. Protocol Version, Source IP address, Source Port number, Destination IP, Destination Port etc.
IP version checker
IP version checker checks the version of incoming IP whether it is IPv4 or IPv6 by counting the number of bits of the Source IP or Destination IP. If there are 128 bits in Source IP then it is IPv6 and if total bits are 32 then it is IPv4. 
IPv6 to IPv4 conversion

Comparator
The network must be able to classify and filter this packet. Generally, network devices classify packets into two categories, permitted packets and blocked packets. Permitted packets are forwarded to the next step while blocked packets are removed from the line. There are two basic approaches for security policy, "default deny" and "default allow". "Default deny" means packet is always blocked unless it is specified, and "default allow" is the opposite. Comparator applied list of rules to all packets going through the firewall. Both inbound (from external network to internal network) and outbound (from internal network to external network) rules have the same basic building block. As an example, if we save the list of denied IP addresses in a memory buffer, and we compare each incoming packet source IP address to the stored ones, the packet is denied whenever there is a match.
Stored Firewall Rule List (Deny List)
It is a memory which is used to store the set of rules. 
Forward Packet
If rule match is found than comparator discard the packet ,otherwise incoming packet is accepted and send the control signal to packet buffer to load the next packet.
CONCLUSION
In this paper, we have proposed a frame work that can work with IPv6 as well as IPv4. Here we are mainly focusing on IPv6 to IPv4 conversion and vice versa. Due to exhaustion problem of IPv4 addresses we will soon switch over IPv6. At present 99% internet firewall works on IPv4. It will have some time to completely switch from IPv4 to IPv6. For this duration this framework will be helpful to solve this problem. Software firewalls are applications that run on the host system"s CPU, while hardware Firewalls consist of dedicated hardware. Software firewalls can drag down system performance under stressful network conditions, such as a denial of service attack, because the host system"s CPU is executing the filtering rules. Dedicated hardware firewalls designed to manage a large network are often expensive and meant to be located between a private network and the Internet. The above firewall model will be implemented in FPGA technology.
