NetBSD-Users archive
npf issue on 6.0_STABLE
Hi All,
I have been using my /etc/npf.conf since the first release of NetBSD 6.0 around
mid October 2012. There were no problems. But I keep updating my system to the
latest STABLE. Recently I noticed an error message for npf at boot
time. I did not change anything in /etc/npf.conf.
# uname -a
NetBSD netbsd.localdomain 6.0_STABLE NetBSD 6.0_STABLE (GENERIC) #2: Tue Jan 29 10:19:27 ICT 2013 root@netbsd.localdomain:/usr/obj/sys/arch/i386/compile/GENERIC i386
# npfctl reload (the same error message in /var/run/rc.log)
/etc/npf.conf:18:35: wrong variable 'ext_if' type 'string' for address or interface near '$ext_if'
Here's my partial /etc/npf.conf.
# /etc/npf.conf
$ext_if = "pcn0"
#$ext_if6 = "tun0"
$services = { ftp, ssh }
$localnet = { 192.168.1.0/24 }

procedure "log" {
        # log: npflog0
}

procedure "norm" {
        normalise: "random-id"
}

group (name "external", interface $ext_if) {
        pass in final proto tcp to $ext_if port $services apply "log"
        # only SYN packets need to generate state
        pass stateful out final family inet proto tcp flags S/SA from $ext_if apply "norm"
        # pass the other tcp packets without generating extra state
        pass out final family inet proto tcp from $ext_if apply "norm"
        # all other types of traffic, generate state per packet
        pass stateful out final family inet from $ext_if apply "norm"
}

group (default) {
        pass final on lo0 all
        block all apply "log"
}
Refer to the latest npf.conf(5).
If I change $ext_if = "pcn0" to $ext_if = inet4(pcn0), then
# npfctl reload
npfctl: object: 7
npfctl: ioctl: Invalid argument
Any suggestions are highly appreciated.
Thanks,
--
Pongthep Kulkrisada
"UNIX is basically a simple operating system,
but you have to be a genius to understand the simplicity."
-- Dennis M. Ritchie