Apply by doing:
       cd /usr/src
       patch -p0 < 002_pf.patch

Then build and install a new kernel.

Index: sys/net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.634
diff -u -p -r1.634 pf.c
--- sys/net/pf.c        27 Feb 2009 12:37:45 -0000      1.634
+++ sys/net/pf.c        10 Apr 2009 22:44:23 -0000
@@ -5243,6 +5243,15 @@ pf_test(int dir, struct ifnet *ifp, stru
               break;
       }

+#ifdef INET6
+       case IPPROTO_ICMPV6: {
+               action = PF_DROP;
+               DPFPRINTF(PF_DEBUG_MISC,
+                   ("pf: dropping IPv4 packet with ICMPv6 payload\n"));
+               goto done;
+       }
+#endif
+
       default:
               action = pf_test_state_other(&s, dir, kif, m, &pd);
               if (action == PF_PASS) {
@@ -5595,6 +5604,13 @@ pf_test6(int dir, struct ifnet *ifp, str
                       action = pf_test_rule(&r, &s, dir, kif,
                           m, off, h, &pd, &a, &ruleset, &ip6intrq);
               break;
+       }
+
+       case IPPROTO_ICMP: {
+               action = PF_DROP;
+               DPFPRINTF(PF_DEBUG_MISC,
+                   ("pf: dropping IPv6 packet with ICMPv4 payload\n"));
+               goto done;
       }

       case IPPROTO_ICMPV6: {

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.