Apply by doing:
cd /usr/src
patch -p0 < 013_pf.patch
Then build and install a new kernel.
--- sys/net/pf.c 20 Feb 2008 23:40:13 -0000 1.567
+++ sys/net/pf.c 10 Apr 2009 22:47:49 -0000
@@ -5620,6 +5620,15 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
 break;
 }
 
+#ifdef INET6
+ case IPPROTO_ICMPV6: {
+ action = PF_DROP;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: dropping IPv4 packet with ICMPv6 payload\n"));
+ goto done;
+ }
+#endif
+
 default:
 action = pf_test_state_other(&s, dir, kif, &pd);
 if (action == PF_PASS) {
@@ -5969,6 +5978,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
 action = pf_test_rule(&r, &s, dir, kif,
 m, off, h, &pd, &a, &ruleset, &ip6intrq);
 break;
+ }
+
+ case IPPROTO_ICMP: {
+ action = PF_DROP;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: dropping IPv6 packet with ICMPv4 payload\n"));
+ goto done;
 }
 
 case IPPROTO_ICMPV6: {
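Review bot: The new `case IPPROTO_ICMPV6` in pf_test records the drop only through `DPFPRINTF` at `PF_DEBUG_MISC`, so at the default debug level nothing shows that an IPv4 packet carrying ICMPv6 was seen and discarded; the `case IPPROTO_ICMP` added to pf_test6 in the second hunk has the same gap. If `reason` and `log` are in scope and consumed at the `done` label (pf_test's declarations and that label are outside the hunk, so this needs confirming), setting them before the jump, e.g. `REASON_SET(&reason, PFRES_NORM); log = 1;`, would surface these drops in the reason counters and in pflog. Separately, the `#ifdef INET6` guard means a kernel built without INET6 still hands such packets to the `default:` branch, and it is worth confirming that path handles them safely.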
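Review bot: The added `case IPPROTO_ICMP` in pf_test6 carries no comment saying that the packet is rejected before any rule or state lookup, so a reader cannot tell from the code that this is a deliberate address-family sanity check rather than a policy decision a ruleset could override. A one-line comment above `action = PF_DROP;`, such as `/* ICMPv4 is never valid inside IPv6; reject before rule evaluation */`, would record the intent, with the mirrored wording on the IPv4 case in the first hunk. The enclosing switch in pf_test6 starts and ends outside the hunk.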