Bug #16241
openNAT64 Doesn't drop RFC1918
Description
In the current version (2.8.0) of pfSense it is possible to contact RFC1918 addresses using NAT64, for example ping '64:ff9b::192.168.1.1'. This is insecure according to RFC6052.
Is there a setting to ensure behavior according to RFC6052? I've temporarily added a firewall rule above blocking RFC1918 subnets translated to NAT64.
I believe this is a security vulnerability that could lead to bypassing of firewall rules.
[RFC6052 Section 3.1](https://www.rfc-editor.org/rfc/rfc6052#section-3.1) says:
> The Well-Known Prefix MUST NOT be used to represent non-global IPv4 addresses, such as those defined in [RFC1918](https://www.rfc-editor.org/rfc/rfc1918) or listed in Section 3 of [RFC5735](https://www.rfc-editor.org/rfc/rfc5735#section-3). Address translators MUST NOT translate packets in which an address is composed of the Well-Known Prefix and a non-global IPv4 address; they MUST drop these packets.
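As an added illustration (not code from the report or from pfSense), the check a translator is required to perform by RFC6052 Section 3.1, and the helper you need to write the workaround rule the reporter describes: extract the IPv4 address embedded in a `64:ff9b::/96` destination, decide whether it is non-global, and map an RFC1918 network to the IPv6 network that a block rule placed above the NAT64 rule has to match. Function names and the sample addresses are the example's own.

```python
import ipaddress
from typing import Optional

# RFC6052 Section 2.1: the Well-Known Prefix (WKP) for NAT64 is 64:ff9b::/96.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def embedded_ipv4(addr: str) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address embedded in a WKP address, or None if addr is not in 64:ff9b::/96."""
    v6 = ipaddress.IPv6Address(addr)  # accepts mixed notation such as 64:ff9b::192.168.1.1
    if v6 not in WELL_KNOWN_PREFIX:
        return None
    # With a /96 prefix the IPv4 address occupies the low 32 bits (RFC6052 Section 2.2).
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def must_drop(addr: str) -> bool:
    """RFC6052 Section 3.1: a packet whose address is WKP + non-global IPv4 MUST be dropped.

    Non-global covers RFC1918 space, loopback, link-local, shared address space,
    multicast, reserved and the other RFC5735 Section 3 ranges. Python's is_global
    already excludes most of these; multicast is checked explicitly because it is
    not part of is_private in every interpreter version.
    """
    v4 = embedded_ipv4(addr)
    if v4 is None:
        return False  # not a WKP address, so NAT64 never touches it
    return v4.is_multicast or not v4.is_global


def wkp_network(v4net: str) -> ipaddress.IPv6Network:
    """Map an IPv4 network to the IPv6 network that represents it under the WKP.

    This is what a block rule above the NAT64 rule must match: 192.168.0.0/16
    becomes 64:ff9b::c0a8:0/112 (96 prefix bits plus the IPv4 prefix length).
    """
    net = ipaddress.IPv4Network(v4net)
    base = int(WELL_KNOWN_PREFIX.network_address) | int(net.network_address)
    return ipaddress.IPv6Network((base, 96 + net.prefixlen))


# RFC1918 networks expressed as WKP destinations, for a workaround block rule.
RFC1918_WKP_BLOCKS = [wkp_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


if __name__ == "__main__":
    # Constructed sample destinations: the reporter's ping target, a public host, a non-WKP address.
    for dst in ("64:ff9b::192.168.1.1", "64:ff9b::8.8.8.8", "2001:db8::1"):
        print(f"{dst:28} embedded={embedded_ipv4(dst)} drop={must_drop(dst)}")
    for blk in RFC1918_WKP_BLOCKS:
        print("block", blk)
```

`must_drop` is the decision the translator itself should make; `RFC1918_WKP_BLOCKS` gives the three IPv6 networks a firewall rule has to reject on the LAN interface until the translator does so.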