pfSense

The file which creates rules for pf (probably filter.inc), is creating wrong lines for rules which have no specific protocol.
It may have been introduced before this build.

Generated rules look like:
pass log quick on { WANs openvpn } proto from any to 10.0.0.16 keep state label "USER_RULE: Test"
pass in log quick on $BACKUPINTERFACE proto from 10.0.0.1/24 to ! 10.0.0.0/8 keep state label "USER_RULE: LoadBalance"

You can see that there's "proto" followed by no protocol. Removing "proto" fixes the issue.

I'll try to provide a fix later. However, I currently cannot access my router over SSH, seems there's another issue with the anti-lockout rule not really working anymore.