Subject: ipf and ipv6 with netbsd 1.5.3_ALPHA
To: None <tech-net@netbsd.org>
From: None <xs@nitric.net>
List: tech-net
Date: 02/16/2002 22:28:52
I have been trying to get ipf to filter tunnelled ipv6 traffic under
1.5.3_ALPHA from 2002/02/11 (5 days ago). ipf is working fine with ipv4
traffic, but with ipv6 nothing seems to happen. This resembles PR#13178,
which is now marked as closed.

I am connecting to freenet6 via a gif tunnel. I have the following rules:
# ipfstat -ionh6
0 @1 block out from any to any
0 @1 block in from any to any

that were loaded by:
# ipf -6f /etc/ipf6.conf

but I can still ping6:
# ping6 -I gif0 www.netbsd.org
16 bytes from 3ffe:8050:201:1860:290:27ff:feab:19a7, icmp_seq=0 hlim=58 time=282.495 ms
16 bytes from 3ffe:8050:201:1860:290:27ff:feab:19a7, icmp_seq=1 hlim=58 time=369.904 ms

There appear to be pfil hooks in netinet6/ip6_input.c. I have options INET6,
options PFIL_HOOKS and options IPFILTER_LOG in my kernel.

Versions and things:
# ipf -V
ipf: IP Filter: v3.4.23 (336)
Kernel: IP Filter: v3.4.23
Running: yes
Log Flags: 0x20000000 = block
Default: pass all, Logging: available
Active list: 0
# uname -srm
NetBSD 1.5.3_ALPHA i386

I also have this ipv4 rule to allow the tunnel:
pass in on vr0 proto ipv6 from 206.123.31.114 to any
pass out on vr0 proto ipv6 from any to 206.123.31.114