From owner-freebsd-stable@freebsd.org  Wed Apr 14 14:17:04 2021
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id A43C25DAC7B
 for <freebsd-stable@mailman.nyi.freebsd.org>;
 Wed, 14 Apr 2021 14:17:04 +0000 (UTC) (envelope-from peter@pean.org)
Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::50:13])
 by mx1.freebsd.org (Postfix) with ESMTP id 4FL4Kr3NLwz3K4N
 for <freebsd-stable@freebsd.org>; Wed, 14 Apr 2021 14:17:04 +0000 (UTC)
 (envelope-from peter@pean.org)
Received: by mailman.nyi.freebsd.org (Postfix)
 id 7247F5DAD0C; Wed, 14 Apr 2021 14:17:04 +0000 (UTC)
Delivered-To: stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 721635DAA64
 for <stable@mailman.nyi.freebsd.org>; Wed, 14 Apr 2021 14:17:04 +0000 (UTC)
 (envelope-from peter@pean.org)
Received: from system.jails.se (system.jails.se [52.16.239.146])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FL4Kq4Tzlz3K8y
 for <stable@FreeBSD.org>; Wed, 14 Apr 2021 14:17:03 +0000 (UTC)
 (envelope-from peter@pean.org)
Received: from [172.20.10.2] (unknown [94.234.35.195])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by system.jails.se (Postfix) with ESMTPSA id 0703F32AF00
 for <stable@FreeBSD.org>; Wed, 14 Apr 2021 16:16:55 +0200 (CEST)
From: =?utf-8?Q?Peter_Ankerst=C3=A5l?= <peter@pean.org>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Subject: using interface groups in pf tables stopped working in 13.0-RELEASE
Message-Id: <431C3D85-C754-4E1C-94E0-333DE254F0AC@pean.org>
Date: Wed, 14 Apr 2021 16:16:54 +0200
To: "stable@freebsd.org" <stable@FreeBSD.org>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
X-Rspamd-Queue-Id: 4FL4Kq4Tzlz3K8y
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of peter@pean.org designates 52.16.239.146
 as permitted sender) smtp.mailfrom=peter@pean.org
X-Spamd-Result: default: False [-1.11 / 15.00]; RCVD_TLS_ALL(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; FREEFALL_USER(0.00)[peter];
 FROM_HAS_DN(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[52.16.239.146:from];
 MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[stable@freebsd.org]; ARC_NA(0.00)[];
 RCPT_COUNT_ONE(0.00)[1];
 SPAMHAUS_ZRD(0.00)[52.16.239.146:from:127.0.2.255];
 DMARC_NA(0.00)[pean.org]; R_SPF_ALLOW(-0.20)[+mx];
 NEURAL_HAM_SHORT(-1.00)[-1.000]; MID_RHS_MATCH_FROM(0.00)[];
 NEURAL_SPAM_LONG(0.69)[0.690]; TO_DN_EQ_ADDR_ALL(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:16509, ipnet:52.16.0.0/15, country:US];
 RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[stable]
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2021 14:17:04 -0000

In pf I use the interface group syntax alot to make the configuration =
more readable. All interfaces are assigned to a group representing its =
use/vlan name.=20

For example:

ifconfig_igb1_102=3D"172.22.0.1/24 group iot description 'iot vlan' up"
ifconfig_igb1_102_ipv6=3D"inet6 2001:470:de59:22::1/64"

ifconfig_igb1_300=3D"172.26.0.1/24 group mgmt description 'mgmt vlan=E2=80=
=99 up"
ifconfig_igb1_300_ipv6=3D"inet6 2001:470:de59:26::1/64=E2=80=9D

in pf.conf I use these group names all over the place. But since I =
upgraded to 13.0-RELEASE it no longer works to define a table using the =
:network syntax and interface groups:

table   <nat_addresses> const { trusted:network mgmt:network dmz:network =
guest:network edmz:network \
        admin:network iot:network client:network }

If I reload the configuration I get the following:
# pfctl -f /etc/pf.conf
/etc/pf.conf:12: cannot create address buffer: Invalid argument
pfctl: Syntax error in config file: pf rules not loaded

I have tried to use just one network, double check the interface group =
setting and so on, but with no luck.=20

to use actual interface works just fine:

table   <nat_addresses> { igb1.300:network }

but using the group fails:

# ifconfig -g mgmt
igb1.300

table   <nat_addresses> { mgmt:network }

# pfctl -f /etc/pf.conf
/etc/pf.conf:12: cannot create address buffer: Invalid argument
pfctl: Syntax error in config file: pf rules not loaded

Any ideas?=20

Thanks!

/Peter.=