On Thu, Mar 15, 2007 at 10:26:23AM +0000, Gaby Vanhegan wrote: > Hi, > > Reading the security advisory for the ipv6 buffer issue, the > workaround is to block inet6 traffic in pf.conf. My default block > line is actually: > > block in on $ext_if > > Where $ext_if is the net connection (the only network connection the > machine is plugged into). Is the rule: > > block in inet6 > > Redundant in this case, or should it still be added? >
You need to make sure that all your pass rules are for inet only. block in quick inet6 at the beginning of the rules should do the trick. But remeber that localhost is resolved as ::1. -- :wq Claudio
