Apply by doing:
cd /usr/src
patch -p0 < 002_pf.patch
Then build and install a new kernel.
Index: sys/net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.634
diff -u -p -r1.634 pf.c
--- sys/net/pf.c 27 Feb 2009 12:37:45 -0000 1.634
+++ sys/net/pf.c 10 Apr 2009 22:44:23 -0000
@@ -5243,6 +5243,15 @@ pf_test(int dir, struct ifnet *ifp, stru
 break;
 }

+#ifdef INET6
+ case IPPROTO_ICMPV6: {
+ action = PF_DROP;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: dropping IPv4 packet with ICMPv6 payload\n"));
+ goto done;
+ }
+#endif
+
 default:
 action = pf_test_state_other(&s, dir, kif, m, &pd);
 if (action == PF_PASS) {
@@ -5595,6 +5604,13 @@ pf_test6(int dir, struct ifnet *ifp, str
 action = pf_test_rule(&r, &s, dir, kif, m, off, h, &pd, &a, &ruleset, &ip6intrq);
 break;
+ }
+
+ case IPPROTO_ICMP: {
+ action = PF_DROP;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: dropping IPv6 packet with ICMPv4 payload\n"));
+ goto done;
 }

 case IPPROTO_ICMPV6: {
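Review bot: The new `case IPPROTO_ICMPV6` branch in pf_test drops the packet with `goto done` but records no drop reason and requests no logging, so the only trace is a DPFPRINTF gated on PF_DEBUG_MISC. An IPv4 packet carrying ICMPv6 is not legitimate traffic, so these drops are worth counting and sending to pflog instead of vanishing silently. If pf_test's `reason` and `log` locals are usable at this point (their declarations and the `done:` label are outside this hunk), consider adding `REASON_SET(&reason, PFRES_NORM);` and `log = 1;` before the `goto done;`. The `case IPPROTO_ICMP` branch added to pf_test6 in the second hunk has the same gap.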
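Review bot: The `case IPPROTO_ICMP` branch added to pf_test6 has no comment saying why this protocol is rejected outright instead of being handled like any other, and the debug string only restates the action. A short comment such as `/* ICMPv4 is not valid inside IPv6; drop it here so it never reaches the state or rule code */` would keep a later cleanup from folding the case back into the generic path. The matching `case IPPROTO_ICMPV6` branch in pf_test (first hunk) deserves the mirror-image comment, plus a word on why it is wrapped in `#ifdef INET6` while this one has no guard. pf_test6 begins and ends outside the hunk.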