I've just updated -current, and am a few days beyond henning@'s huge PF change.
I'm getting state mismatch warnings from the kernel. I do not understand the entries, so am not sure what to correct, if anything, in my new version of the rule. ----- The rule used to be: rdr pass log on $external_nic proto {tcp udp} from any to any port xxxxx \ -> 192.168.1.42 port xxxxx The rule now is: pass in log quick on $external_nic proto {tcp udp} from any to any port xxxxx \ rdr-to 192.168.1.42 port xxxxx ----- Here are two example warning messages. In each warning message, the first "a0" IP address is different from the second "a0" IP address, which matches the second "a1" address. There are multiple valid states in the state table, so not every state produces these messages: ----- pf: state key linking mismatch! dir=OUT, if=dc0, stored af=2, a0: a.b.c.d:39944, a1: 192.168.1.42:xxxxx, proto=17, found af=2, a0: e.f.g.h:65519, a1: e.f.g.h:48042, proto=17. pf: state key linking mismatch! dir=OUT, if=dc0, stored af=2, a0: i.j.k.l:61418, a1: 192.168.1.42:xxxxx, proto=17, found af=2, a0: m.n.o.p:65519, a1: m.n.o.p:48042, proto=17. ----- Any suggestions would be greatly appreciated. Thanks!