ok?
Index: net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.2
diff -u -p -r1.2 pf.c
--- net/pf.c 26 Dec 2008 18:51:52 -0000 1.2
+++ net/pf.c 12 Aug 2009 20:54:12 -0000
@@ -5754,6 +5754,15 @@ pf_test(int dir, struct ifnet *ifp, stru
break;
}
+#ifdef INET6
+ case IPPROTO_ICMPV6: {
+ action = PF_DROP;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: dropping IPv4 packet with ICMPv6 payload\n"));
+ goto done;
+ }
+#endif
+
default:
action = pf_test_state_other(&s, dir, kif, m, &pd);
if (action == PF_PASS) {
@@ -6103,6 +6112,13 @@ pf_test6(int dir, struct ifnet *ifp, str
action = pf_test_rule(&r, &s, dir, kif,
m, off, h, &pd, &a, &ruleset, &ip6intrq);
break;
+ }
+
+ case IPPROTO_ICMP: {
+ action = PF_DROP;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: dropping IPv6 packet with ICMPv4 payload\n"));
+ goto done;
}
case IPPROTO_ICMPV6: {
