The Book of PF Erratum 02: Wrong syntax in ICMP example
--------------------------------------------------------------------

September 5th, 2015

The Book of PF, 3rd edition, page 39: Syntax error in rule sample

The rules example at the top of page 39 misplaces the icmp-types and icmp6-types argument.

The rules that say 

        pass inet proto icmp icmp-type $icmp_types from $localnet
        pass inet proto icmp icmp-type $icmp_types to $ext_if

and similarily for the icmp6-types argument for IPv6, 

        pass inet6 proto icmp6 icmp6-type $icmp6_types from $localnet
        pass inet6 proto icmp6 icmp6-type $icmp6_types to $ext_if

will fail the pfctl syntax test, and a configuration containing those
rules will not load

The icmp-types and icmp6-types argument should be moved to
after the target designation. The correct form of these rules is: 

        pass inet proto icmp from $localnet icmp-type $icmp_types
        pass inet proto icmp to $ext_if icmp-type $icmp_types
        pass inet6 proto icmp6 from $localnet icmp6-type $icmp6_types
        pass inet6 proto icmp6 to $ext_if icmp6-type $icmp6_types

Thanks to Joseph A Borg for making me aware of this error.