diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -34,6 +34,11 @@ #ifndef _NET_PFVAR_H_ #define _NET_PFVAR_H_ +#ifdef _KERNEL +#include "opt_inet.h" +#include "opt_inet6.h" +#endif + #include #include #include @@ -1584,6 +1589,16 @@ struct pf_sctp_multihome_job; TAILQ_HEAD(pf_sctp_multihome_jobs, pf_sctp_multihome_job); +typedef enum { +#ifdef INET + PF_AF_INET = AF_INET, +#endif +#ifdef INET6 + PF_AF_INET6 = AF_INET6, +#endif +} pf_af_t; + + struct pf_pdesc { struct { int done; @@ -1619,7 +1634,7 @@ * state code. Easier than tags */ #define PFDESC_TCP_NORM 0x0001 /* TCP shall be statefully scrubbed */ #define PFDESC_IP_REAS 0x0002 /* IP frags would've been reassembled */ - sa_family_t af; + pf_af_t af; u_int8_t proto; u_int8_t tos; u_int8_t dir; /* direction */ @@ -2352,7 +2367,7 @@ extern void pf_addrcpy(struct pf_addr *, struct pf_addr *, sa_family_t); void pf_free_rule(struct pf_krule *); -int pf_setup_pdesc(sa_family_t, int, +int pf_setup_pdesc(pf_af_t, int, struct pf_pdesc *, struct mbuf *, u_short *, u_short *, struct pfi_kkif *, struct pf_krule **, struct pf_krule **, @@ -2362,7 +2377,7 @@ int pf_test_eth(int, int, struct ifnet *, struct mbuf **, struct inpcb *); int pf_scan_sctp(struct mbuf *, int, struct pf_pdesc *, struct pfi_kkif *); #if defined(INET) || defined(INET6) -int pf_test(sa_family_t, int, int, struct ifnet *, struct mbuf **, struct inpcb *, +int pf_test(pf_af_t, int, int, struct ifnet *, struct mbuf **, struct inpcb *, struct pf_rule_actions *); #endif #ifdef INET diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c 
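Review bot: The `pf_af_t` enum added before `struct pf_pdesc` has no enumerators at all when neither INET nor INET6 is defined, and an empty enumerator list is not valid C. The first hunk pulls in `opt_inet.h` and `opt_inet6.h` only under `_KERNEL`, so please confirm this typedef is never compiled outside the kernel or in a configuration with both options off; the surrounding guards are not visible in the hunk. A comment above the enum would record the requirement, for example `/* Address families pf is compiled for; at least one of INET/INET6 must be defined. */`.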
@@ -584,15 +584,17 @@ } static bool -pf_is_loopback(sa_family_t af, struct pf_addr *addr) +pf_is_loopback(pf_af_t af, struct pf_addr *addr) { switch (af) { +#ifdef INET case AF_INET: return IN_LOOPBACK(ntohl(addr->v4.s_addr)); +#endif +#ifdef INET6 case AF_INET6: return IN6_IS_ADDR_LOOPBACK(&addr->v6); - default: - panic("Unknown af %d", af); +#endif } } @@ -664,26 +666,34 @@ default: if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af)) { switch (pd->af) { +#ifdef INET case AF_INET: pf_change_a(&pd->src->v4.s_addr, pd->ip_sum, nk->addr[pd->sidx].v4.s_addr, 0); break; +#endif +#ifdef INET6 case AF_INET6: PF_ACPY(pd->src, &nk->addr[pd->sidx], pd->af); break; +#endif } } if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af)) { switch (pd->af) { +#ifdef INET case AF_INET: pf_change_a(&pd->dst->v4.s_addr, pd->ip_sum, nk->addr[pd->didx].v4.s_addr, 0); break; +#endif +#ifdef INET6 case AF_INET6: PF_ACPY(pd->dst, &nk->addr[pd->didx], pd->af); break; +#endif } } break; @@ -8410,20 +8420,21 @@ dnflow->f_id.proto = pd->proto; dnflow->f_id.extra = dnflow->rule.info; switch (pd->af) { +#ifdef INET case AF_INET: dnflow->f_id.addr_type = 4; dnflow->f_id.src_ip = ntohl(pd->src->v4.s_addr); dnflow->f_id.dst_ip = ntohl(pd->dst->v4.s_addr); break; +#endif +#ifdef INET6 case AF_INET6: dnflow->flags |= IPFW_ARGS_IP6; dnflow->f_id.addr_type = 6; dnflow->f_id.src_ip6 = pd->src->v6; dnflow->f_id.dst_ip6 = pd->dst->v6; break; - default: - panic("Invalid AF"); - break; +#endif } return (true); @@ -8556,7 +8567,7 @@ } int -pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf *m, +pf_setup_pdesc(pf_af_t af, int dir, struct pf_pdesc *pd, struct mbuf *m, u_short *action, u_short *reason, struct pfi_kkif *kif, struct pf_krule **a, struct pf_krule **r, struct pf_kruleset **ruleset, int *off, int *hdrlen, struct pf_rule_actions *default_actions) @@ -8697,8 +8708,6 @@ break; } #endif - default: - panic("pf_setup_pdesc called with illegal af %u", af); } switch (pd->proto) { 
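Review bot: pf_is_loopback() can now reach its closing brace without returning a value: with `default:` removed, any `af` outside the compiled-in cases falls out of the switch in a function declared `bool`. A C enum object is not restricted to its enumerators, so the `pf_af_t` type alone does not rule this out, and a caller using the result would hit undefined behaviour where the old code stopped with a panic. The check can stay without reintroducing a `default:` label by placing `panic("Unknown af %d", af);` after the switch, just before the function's closing brace.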
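Review bot: Removing `default: panic("Invalid AF")` from the `switch (pd->af)` that fills `dnflow->f_id` means an unhandled family now reaches `return (true)` without this hunk ever writing `addr_type` or the address fields. The same silent fall-through is introduced in pf_setup_pdesc() (hunk at -8697) and in pf_test() (hunks at -8997, -9085 and -9413). The only replacement visible is the KASSERT added to pf_test(), which is compiled only into INVARIANTS kernels. For a packet filter it is worth stating whether an unexpected family should stop or be dropped; if the callers do guarantee the value, a comment such as `/* No default: af is checked on entry to pf_test() */` at each switch would record that. The enclosing function starts outside the hunk.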
@@ -8889,14 +8898,18 @@ #if defined(INET) || defined(INET6) int -pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, +pf_test(pf_af_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp, struct pf_rule_actions *default_actions) { struct pfi_kkif *kif; u_short action, reason = 0; struct mbuf *m = *m0; +#ifdef INET struct ip *h = NULL; +#endif +#ifdef INET6 struct ip6_hdr *h6 = NULL; +#endif struct m_tag *mtag; struct pf_krule *a = NULL, *r = &V_pf_default_rule; struct pf_kstate *s = NULL; @@ -8909,6 +8922,13 @@ PF_RULES_RLOCK_TRACKER; KASSERT(dir == PF_IN || dir == PF_OUT, ("%s: bad direction %d\n", __func__, dir)); +#if defined(INET) && defined(INET6) + KASSERT(af == AF_INET || af == AF_INET6, ("Unsupported af %d", af)); +#elif defined(INET) + KASSERT(af == AF_INET, ("Unsupported af %d", af)); +#elif defined(INET6) + KASSERT(af == AF_INET6, ("Unsupported af %d", af)); +#endif M_ASSERTPKTHDR(m); if (!V_pf_status.running) @@ -8997,8 +9017,6 @@ ttl = h6->ip6_hlim; break; #endif - default: - panic("Unknown af %d", af); } if (pf_setup_pdesc(af, dir, &pd, m, &action, &reason, kif, &a, &r, @@ -9085,8 +9103,6 @@ } break; #endif - default: - panic("Unknown af %d", af); } switch (pd.proto) { @@ -9294,10 +9310,18 @@ else pd.pf_mtag->qid = pd.act.qid; /* Add hints for ecn. */ - if (af == AF_INET) + switch (af) { +#ifdef INET + case AF_INET: pd.pf_mtag->hdr = h; - else + break; +#endif +#ifdef INET6 + case AF_INET6: pd.pf_mtag->hdr = h6; + break; +#endif + } } } #endif /* ALTQ */ @@ -9314,6 +9338,7 @@ pf_is_loopback(af, pd.dst)) m->m_flags |= M_SKIP_FIREWALL; +#ifdef INET if (af == AF_INET && __predict_false(ip_divert_ptr != NULL) && action == PF_PASS && r->divert.port && !PACKET_LOOPED(&pd)) { mtag = m_tag_alloc(MTAG_PF_DIVERT, 0, 
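Review bot: The new KASSERT messages in pf_test() omit the `%s: ` prefix with `__func__` and the trailing newline that the `dir` assertion directly above uses, so the two panics would read differently; `("%s: unsupported af %d\n", __func__, af)` would match. The three-way `#if` repeats the same assertion three times. Since this is the one runtime check standing in for the removed `panic()` defaults, a one-line comment saying so would help the next reader. pf_test() continues outside the hunk.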
@@ -9356,9 +9381,12 @@ ("pf: failed to allocate divert tag\n")); } } +#endif +#ifdef INET6 /* XXX: Anybody working on it?! */ if (af == AF_INET6 && r->divert.port) printf("pf: divert(9) is not supported for IPv6\n"); +#endif /* this flag will need revising if the pkt is forwarded */ if (pd.pf_mtag) @@ -9413,8 +9441,6 @@ pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp); break; #endif - default: - panic("Unknown af %d", af); } goto out; } diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c --- a/sys/netpfil/pf/pf_syncookies.c +++ b/sys/netpfil/pf/pf_syncookies.c @@ -435,16 +435,18 @@ SipHash_SetKey(&ctx, V_pf_syncookie_status.key[cookie.flags.oddeven]); switch (pd->af) { +#ifdef INET case AF_INET: SipHash_Update(&ctx, pd->src, sizeof(pd->src->v4)); SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v4)); break; +#endif +#ifdef INET6 case AF_INET6: SipHash_Update(&ctx, pd->src, sizeof(pd->src->v6)); SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v6)); break; - default: - panic("unknown address family"); +#endif } SipHash_Update(&ctx, pd->sport, sizeof(*pd->sport));
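Review bot: In pf_syncookies.c, with `default: panic("unknown address family")` gone, an unhandled `pd->af` leaves the source and destination addresses out of the SipHash input. The value would then be computed without them; the ports are added right after the switch, and the rest is outside the hunk. Nothing in this hunk checks `pd->af`, so the code relies on the descriptor having been filled in by a checked caller, presumably via pf_test() and pf_setup_pdesc(). I would record that next to the switch, e.g. `/* pd->af is one of the compiled-in families; see KASSERT in pf_test() */`, or keep a fail-stop after the switch if that cannot be guaranteed. The enclosing function starts and ends outside the hunk.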