Apply by doing:
	cd /usr/src
	patch -p0 < 013_pf.patch

Then build and install a new kernel.

--- sys/net/pf.c	2 Aug 2008 12:34:37 -0000	1.614
+++ sys/net/pf.c	10 Apr 2009 22:47:58 -0000
@@ -5755,6 +5755,15 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
 		break;
 	}
 
+#ifdef INET6
+	case IPPROTO_ICMPV6: {
+		action = PF_DROP;
+		DPFPRINTF(PF_DEBUG_MISC,
+		    ("pf: dropping IPv4 packet with ICMPv6 payload\n"));
+		goto done;
+	}
+#endif
+
 	default:
 		action = pf_test_state_other(&s, dir, kif, m, &pd);
 		if (action == PF_PASS) {
@@ -6104,6 +6113,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
 			action = pf_test_rule(&r, &s, dir, kif,
 			    m, off, h, &pd, &a, &ruleset, &ip6intrq);
 		break;
+	}
+
+	case IPPROTO_ICMP: {
+		action = PF_DROP;
+		DPFPRINTF(PF_DEBUG_MISC,
+		    ("pf: dropping IPv6 packet with ICMPv4 payload\n"));
+		goto done;
 	}
 
 	case IPPROTO_ICMPV6: {