the pf.conf parser and manpages could use a bit of TLC following adding the v4/v6 protocol translation code.
in the meantime, adding "inet" to the line is likely to help. On 2011-12-06, Chris Smith <obsd_m...@chrissmith.org> wrote: > Having some issues with -current. > > This line in pf.conf: > match out on $ext_if from <my_net> to any nat-to $ext_ad0 > > Generates the following error: > # pfctl -n -f /etc/pf.conf > /etc/pf.conf:41: af-to is not supported on match rules > /etc/pf.conf:41: skipping rule due to errors > /etc/pf.conf:41: rule expands to no valid combination > > However in an earlier release (a not so current version of 4.9 > -current) the syntax works fine. > > And so far I have been unable to get: > match out on $ext_if from $my_if to any nat-to $ext_ad0 > or > match out on $ext_if from $my_if:network to any nat-to $ext_ad0 > to actually work although they parse properly. > > man pf.conf has no entry for af-to
