Problems using the "!"

[thomaspries]

Description

a) Using the "!" together with variables causes a core dump, listing the networks as CDIR works well.

...
$iscsi_net  = { 192.168.209.0/24 }
$nfs_net    = { 192.168.210.0/24 }
$ihome_net  = { 192.168.217.0/24 }
...
group "iscsi_in" in on $iscsi_if  {
    # block all
    block all apply "log_block"

    # allow ping
    pass stateful final proto icmp icmp-type 8 from $iscsi_net to !{ $nfs_net, $ihome_net }  apply "log_ok"
}
...
gw4 /root > npfctl reload
Segmentation fault (core dumped)

modifying the pass line:

...
pass stateful final proto icmp icmp-type 8 from $iscsi_net to !{ 192.168.210.0/24, 192.168.217.0/24 }  apply "log_ok"
...
gw4 /root > npfctl reload
gw4 /root > npfctl show  
# filtering:  active
# config:     loaded
...
group "iscsi_in" in on vlan5 { # id="6" 
    block all apply "log_block" # id="7" 
    pass stateful final family inet4 proto icmp icmp-type 8 from 192.168.209.0/24 to { 192.168.210.0/24, 192.168.217.0/24 } apply "log_ok" # id="8" 
}
...

b) npfctl show does not show the "!", although the negation logic seems works well.

Environment:

• NetBSD 10.0 within Virtual Machine Manager on Ubuntu 24.04
• NetBSD gw4.example.org 10.0 NetBSD 10.0 (GENERIC) #0: Thu Mar 28 08:33:33 UTC 2024 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64