Apply by doing:
       cd /usr/src
       patch -p0 < 013_pf.patch

Then build and install a new kernel.

--- sys/net/pf.c        20 Feb 2008 23:40:13 -0000      1.567
+++ sys/net/pf.c        10 Apr 2009 22:47:49 -0000
@@ -5620,6 +5620,15 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
               break;
       }

+#ifdef INET6
+       case IPPROTO_ICMPV6: {
+               action = PF_DROP;
+               DPFPRINTF(PF_DEBUG_MISC,
+                   ("pf: dropping IPv4 packet with ICMPv6 payload\n"));
+               goto done;
+       }
+#endif
+
       default:
               action = pf_test_state_other(&s, dir, kif, &pd);
               if (action == PF_PASS) {
@@ -5969,6 +5978,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
                       action = pf_test_rule(&r, &s, dir, kif,
                           m, off, h, &pd, &a, &ruleset, &ip6intrq);
               break;
+       }
+
+       case IPPROTO_ICMP: {
+               action = PF_DROP;
+               DPFPRINTF(PF_DEBUG_MISC,
+                   ("pf: dropping IPv6 packet with ICMPv4 payload\n"));
+               goto done;
       }

       case IPPROTO_ICMPV6: {

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.