When specifying a probability attribute on a rule and the value is out of range, pfctl reports the problem using the internal probability value, an unsigned greater than UINT_MAX, rather than what you actually specified.
The accepted range is either a number between 0 and 1 or between 0 and 100 if followed by a % character (to specify the value in percent). The pfctl rule output already display the probability value in percent: # pfctl -sr | grep prob pass in on em0 inet proto icmp all keep state probability 50% so I think the error message should contain the value in percent also. Below transcript is using current pfctl and patched pfctl (diff below): # grep prob pf.conf pass in on $int_if inet proto icmp all probability 1.1 # pfctl -f pf.conf pf.conf:11: invalid probability: 4724464025.000000 pfctl: Syntax error in config file: pf rules not loaded # /usr/src/sbin/pfctl/obj/pfctl -f pf.conf pf.conf:11: invalid probability: 1.1 (110%) pfctl: Syntax error in config file: pf rules not loaded # Maybe something like this? Index: parse.y =================================================================== RCS file: /cvs/src/sbin/pfctl/parse.y,v retrieving revision 1.594 diff -u -p -r1.594 parse.y --- parse.y 24 Sep 2010 09:17:46 -0000 1.594 +++ parse.y 13 Dec 2010 16:28:43 -0000 @@ -2208,7 +2208,8 @@ filter_opt : USER uids { p = floor($2 * UINT_MAX + 0.5); if (p < 0.0 || p > UINT_MAX) { - yyerror("invalid probability: %lf", p); + yyerror("invalid probability: %g (%g%%)", $2, + $2 * 100); YYERROR; } filter_opts.prob = (u_int32_t)p;