Subject: Re: ALERT: Security hole introduced by patch being backed out on releng-1-5 branch.
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 10/25/2001 15:12:20
In message <200110251406.AAA07224@avalon.reed.wattle.id.au>, Darren Reed writes
:
>
>It appears someone decided to remove the code which invokes pfil_hooks
>on forwarded IPv6 packets for the NetBSD 1.5 branch, leading to it not
>being possible to filter them. Thanks releng-1-5, you're my heroes.
>
>
Do you have a patch for 1.5.x to reinstall it? Or should I just turn
off v6?
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com