Regression #11857

closed

Match rules cause pf error parsing rules

Added by Jim Pingle about 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Urgent
Assignee:
Category: Rules / NAT
Target version:
Start date: 04/27/2021
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 21.05
Release Notes: Force Exclusion
Affected Version: 2.6.x
Affected Architecture: All

Description

Having a match rule, either manually or from ALTQ traffic shaping, leads to a pfctl error loading the rules:

pfctl: Invalid rule type 12

Happens on Plus 21.05 snapshots as well as 2.6.0 snapshots.

Simple to reproduce: add a rule on the Floating tab with the action set to match. The other parameters don't seem to matter, so set a random TCP port, save and apply. Then after applying, there will be a notification of the error.

Remove the match rule(s) and/or remove ALTQ traffic shaping and the rules load as expected.

Rule from /tmp/rules.debug:

match  on {  ix3  } inet proto tcp  from any to any port 65164 tracker 1619532858 flags S/SA  label "USER_RULE: match test" 

Same rules load fine on 21.02.2/2.5.1.
