After reboot, no pf rules are applied if the :network interface
	modifier is used in any inet6 rules.  The net result is no firewall!
	The following is logged to syslog:
	
	Apr 10 17:23:11 a kernel: /etc/pf.conf:52: 
	Apr 10 17:23:11 a kernel: rule expands to no valid combination
	Apr 10 17:23:11 a kernel: 
	Apr 10 17:23:11 a kernel: /etc/pf.conf:70: 
	Apr 10 17:23:11 a kernel: rule expands to no valid combination
	Apr 10 17:23:11 a kernel: 
	Apr 10 17:23:11 a kernel: /etc/pf.conf:71: 
	Apr 10 17:23:11 a kernel: rule expands to no valid combination
	Apr 10 17:23:11 a kernel: 
	Apr 10 17:23:11 a kernel: /etc/pf.conf:72: 
	Apr 10 17:23:11 a kernel: rule expands to no valid combination
	Apr 10 17:23:11 a kernel: 
	Apr 10 17:23:11 a kernel: pfctl: 
	Apr 10 17:23:11 a kernel: Syntax error in config file: pf rules not loaded

	pf rules are applied before the IPv6 network config is applied, so pf
	is unable to expand the :network modifier in the inet6 rule statements.

	The relevant lines from pf.conf are:

	52: pass in log on fxp0 inet6 proto tcp from fxp0:network to fxp0 port ssh
	70: pass in on fxp0 inet6 proto icmp6 from fxp0:network to fxp0 icmp6-type $ipv6_nbr_icmp
	71: pass in on fxp0 inet6 proto icmp6 from fxp0:network to ff02::/8 icmp6-type $ipv6_nbr_icmp
	72: pass in on fxp0 inet6 proto icmp6 from fe80::/10 to fxp0:network icmp6-type $ipv6_nbr_icmp

Fix: 

Re-order rc start-up to apply the IPv6 network config. before pf
	rules are applied. That's in theory, obviously. I don't have enough
	knowledge of boot ordering to say with any confidence that there
	won't be some nasty side-effects of such a change.
How-To-Repeat: 
	Add inet6 rule statements which include the :network modifier to
	pf.conf. Ensure there are no active IPv6 addresses on the relevant
	network interfaces. Run `/etc/rc.d/pf start' (with pf_enable=YES in
	rc.conf).