Hi, I’ve had a bug report against FreeBSD’s pfctl which I think also applies to OpenBSD.
The gist of it is that the macro expansion in labels/tags is done prior to the rule optimisation, which means that at least the $nr expansion can be wrong. I’ve proposed this fix in FreeBSD: [https://reviews.freebsd.org/D32488](https://reviews.freebsd.org/D32488) It essentially just moves the label expansion so it’s done after the optimisation step. Here’s my test case: [https://reviews.freebsd.org/D32489](https://reviews.freebsd.org/D32489) Best regards, Kristof
