Then the prayer:
The rule was there. Clean. PF was running. CARP sync re-established. The pager fell silent. pf configuration incompatible with pf program version
/var/log/messages: pfctl: /etc/pf.conf:87: syntax error /var/log/messages: pfctl: /etc/pf.conf:87: rule expands to a non-list element Then the prayer: The rule was there
pfctl -sr | grep "api_sources"
He pulled up the man page on his laptop. pf.conf(5) . There it was, buried in the "Migration Notes" for 7.5: The from <list> syntax has been deprecated for non-route-related filter rules. Use an anchor or table for multiple source prefixes. Direct lists in a pass in rule will now raise a fatal syntax error. A fatal error. Not a warning. Not a "this might break." A stone-cold, refuse-to-start fatal error. CARP sync re-established
OpenBSD 7.5-current (GENERIC) #5
pass in on $ext_if inet proto tcp from 10.88.12.0/24, 10.88.13.0/24 to port 8080