You guys might want to add a note to current.html that from October 13 2011, the NAT updates have made it impossible to not use an address family in a nat-to statement.
The following statement fails now:

    match out on egress from ($int_if:network) nat-to (egress)

Gives the error:

    /etc/pf.conf:74: af-to is not supported on match rules
    /etc/pf.conf:74: skipping rule due to errors

Changing it to:

    match out on egress inet from ($int_if:network) nat-to (egress)

Fixes it.

I wasn't sure how many people explicitly use the address family in their nat-to lines, but this one caught me out when I updated to a newer snapshot earlier this month.

Tom
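
An added example, not part of the original post: a heuristic sh/awk check that lists the rules in a pf.conf that use nat-to without an explicit inet or inet6, which is the pattern the message above reports as failing after the update. The function name nat_to_missing_af is hypothetical, and the check assumes the address family is written literally in the rule (it does not expand macros).

```shell
#!/bin/sh
# Added example: heuristic lint for pf.conf rules that use nat-to
# without an explicit address family (inet or inet6).
# Prints "<first line of rule>: <rule>" for each match.
# Assumption: the address family appears literally in the rule text;
# macros are not expanded, so a family set through a macro is missed.
nat_to_missing_af() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)              # drop comments
        if (buf == "") start = NR         # line where this rule begins
        if (line ~ /\\[ \t]*$/) {         # trailing backslash: rule continues
            sub(/\\[ \t]*$/, " ", line)
            buf = buf line
            next
        }
        rule = buf line
        buf = ""
        # nat-to present as a whole word, inet/inet6 absent as a whole word
        if (rule ~ /(^|[ \t])nat-to([ \t]|$)/ &&
            rule !~ /(^|[ \t])inet6?([ \t]|$)/) {
            gsub(/[ \t]+/, " ", rule)     # normalise whitespace for output
            sub(/^ /, "", rule)
            sub(/ $/, "", rule)
            printf "%d: %s\n", start, rule
        }
    }' "$1"
}

# Run against a file when one is given, e.g.: sh check.sh /etc/pf.conf
if [ "$#" -gt 0 ]; then
    nat_to_missing_af "$1"
fi
```

Each reported rule can then be retested with `pfctl -nf` after adding the address family.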