diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c
index a0aa2c3233..b86adcc5bc 100644
--- a/src/runmode-unittests.c
+++ b/src/runmode-unittests.c
@@ -237,8 +237,6 @@ void RunUnittests(int list_unittests, const char *regex_arg)
     SigTableSetup(); /* load the rule keywords */
     TmqhSetup();
 
-    CIDRInit();
-
     TagInitCtx();
     SCReferenceConfInit();
     SCClassConfInit();
diff --git a/src/suricata.c b/src/suricata.c
index b05eee0c75..f0bf6ff68d 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2664,8 +2664,6 @@ int PostConfLoadedSetup(SCInstance *suri)
     SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string);
     TmqhSetup();
 
-    CIDRInit();
-
     TagInitCtx();
     PacketAlertTagInit();
     ThresholdInit();
diff --git a/src/util-cidr.c b/src/util-cidr.c
index 7889a5ecf4..41d9b66536 100644
--- a/src/util-cidr.c
+++ b/src/util-cidr.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2022 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -26,24 +26,46 @@
 #include "suricata-common.h"
 #include "util-cidr.h"
 
-static uint32_t cidrs[33];
+uint32_t CIDRGet(int cidr)
+{
+    if (cidr <= 0 || cidr > 32)
+        return 0;
+    uint32_t netmask = htonl(0xFFFFFFFF << (32UL - (uint32_t)cidr));
+    SCLogDebug("CIDR %d -> netmask %08X", cidr, netmask);
+    return netmask;
+}
 
-void CIDRInit(void)
+/**
+ * \brief Creates a cidr ipv6 netblock, based on the cidr netblock value.
+ *
+ *        For example if we send a cidr of 7 as argument, an ipv6 address
+ *        mask of the value FE:00:00:00:00:00:00:00 is created and updated
+ *        in the argument struct in6_addr *in6.
+ *
+ * \todo I think for the final section: while (cidr > 0), we can simply
+ *       replace it with a
+ *       if (cidr > 0) {
+ *           in6->s6_addr[i] = -1 << (8 - cidr);
+ *
+ * \param cidr The value of the cidr.
+ * \param in6  Pointer to an ipv6 address structure(struct in6_addr) which will
+ *             hold the cidr netblock result.
+ */
+void CIDRGetIPv6(int cidr, struct in6_addr *in6)
 {
     int i = 0;
 
-    /* skip 0 as it will result in 0xffffffff */
-    cidrs[0] = 0;
-    for (i = 1; i < 33; i++) {
-        cidrs[i] = htonl(0xFFFFFFFF << (32 - i));
-        //printf("CIDRInit: cidrs[%02d] = 0x%08X\n", i, cidrs[i]);
+    memset(in6, 0, sizeof(struct in6_addr));
+
+    while (cidr > 8) {
+        in6->s6_addr[i] = 0xff;
+        cidr -= 8;
+        i++;
     }
-}
 
-uint32_t CIDRGet(int cidr)
-{
-    if (cidr < 0 || cidr > 32)
-        return 0;
-    return cidrs[cidr];
+    while (cidr > 0) {
+        in6->s6_addr[i] |= 0x80;
+        if (--cidr > 0)
+            in6->s6_addr[i] = in6->s6_addr[i] >> 1;
+    }
 }
-
diff --git a/src/util-cidr.h b/src/util-cidr.h
index ee275b4cc3..3653b8b95a 100644
--- a/src/util-cidr.h
+++ b/src/util-cidr.h
@@ -24,8 +24,8 @@
 #ifndef __UTIL_NETMASK_H__
 #define __UTIL_NETMASK_H__
 
-void CIDRInit(void);
 uint32_t CIDRGet(int);
+void CIDRGetIPv6(int cidr, struct in6_addr *in6);
 
 #endif /* __UTIL_NETMASK_H__ */