Race condition in NAT reflection filter rules leads to ruleset load failure
On current 2.4.4 snapshots, at boot time the rules can be (re)loaded before all of the interface addresses are present. In most cases this is harmless, but with NAT reflection rules this can lead to a pf error due to the way they reference the interface as a 'from' address in a rule:
There were error(s) loading the rules: /tmp/rules.debug:90: could not parse host specification - The line in question reads : no nat on vmx1 proto tcp from vmx1 to 10.6.0.10 port 22 @ 2018-06-27 08:48:43
The rules are reloaded again after the interfaces settle, and by the time the boot completes the rules load OK, but it still generates a notice and an error in the logs, so it's not nice for the end user to see on each boot.
To me, I have a fix.
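The failure mode described above can be checked for before a ruleset is loaded. This is an added example, not code from pfSense or from this report: it scans ruleset text for bare interface names used as a 'from' or 'to' host and reports those whose interface has no address yet. The sample ruleset, the interface sets and the function name are constructed for illustration; the parenthesized form such as (vmx1) is pf's dynamic address syntax and is skipped.

```python
import re

# Constructed sample ruleset; line 2 is the rule quoted in the error above.
SAMPLE_RULES = """\
nat on vmx0 inet from 10.6.0.0/24 to any -> (vmx0)
no nat on vmx1 proto tcp from vmx1 to 10.6.0.10 port 22
pass in quick on vmx1 inet proto tcp from any to (vmx1) port 443
pass in on vmx0 inet from 10.6.0.0/24 to any
"""

# Captures the host after "from"/"to"; a leading "(" marks the dynamic form.
HOST_RE = re.compile(r"\b(from|to)\s+(\(?)([A-Za-z][\w.]*)")


def find_unresolvable(rules_text, interfaces, addressed):
    """Return (line_no, direction, ifname) for every bare interface name used
    as a host while that interface has no address assigned.

    interfaces: names that are interfaces on this system (hypothetical input)
    addressed:  subset of interfaces that currently have an address
    """
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        rule = line.split("#", 1)[0]  # drop trailing comments
        for direction, paren, name in HOST_RE.findall(rule):
            if paren:
                continue  # (ifname) is resolved by pf at run time
            if name not in interfaces:
                continue  # keyword such as "any", or a hostname/table
            if name not in addressed:
                findings.append((line_no, direction, name))
    return findings


if __name__ == "__main__":
    all_ifs = {"vmx0", "vmx1"}
    # Early in boot (assumed state): vmx1 has no address yet.
    for hit in find_unresolvable(SAMPLE_RULES, all_ifs, {"vmx0"}):
        print("line %d: '%s %s' needs an address on %s" % (hit[0], hit[1], hit[2], hit[2]))
    # After the interfaces settle: nothing is reported.
    print(find_unresolvable(SAMPLE_RULES, all_ifs, all_ifs))
```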