COMMAND

    ipfw

SYSTEMS AFFECTED

    FreeBSD

PROBLEM

    Darren Reed found following.  If someone is doing packet filtering
    using ipfw to do packet filtering with a FreeBSD box configured to
    do bridging, it is  relatively easy to make  the box go "boom"  as
    none of the  standard header sanity  checks are done  prior to the
    filter routine being called (check /sys/net/bridge.c).

SOLUTION

    It is a feature "copied" from OpenBSD but somehow large amounts of
    code were not copied and bugs resulted.