pfctl -sr | grep "api_sources"
The alert came in at 03:14, which meant the on-call pager was now a small, vibrating god of wrath on Julian’s nightstand. pf configuration incompatible with pf program version
echo "table <api_sources> persist 10.88.12.0/24, 10.88.13.0/24 " >> /etc/pf.conf sed -i '87s/from .* /from <api_sources>/' /etc/pf.conf pfctl -sr | grep "api_sources" The alert came
He wrote his post-mortem at dawn. Title: "PF_CONFIG_VERSION vs. PF_PROGRAM_VERSION: A Case of Silent Deprecation." PF_PROGRAM_VERSION: A Case of Silent Deprecation
He VPN’d in, his coffee cold before he’d even poured it. The first command was ritual.
He pulled up the man page on his laptop. pf.conf(5) . There it was, buried in the "Migration Notes" for 7.5: The from <list> syntax has been deprecated for non-route-related filter rules. Use an anchor or table for multiple source prefixes. Direct lists in a pass in rule will now raise a fatal syntax error. A fatal error. Not a warning. Not a "this might break." A stone-cold, refuse-to-start fatal error.