Fix PF rules syntax error with route-to clause

blink-so[bot] · f0ssel · blink-so[bot] · commit 7ae8362317a9 · 2025-09-13T18:04:14.000Z
- Correct the order of 'on interface' and 'route-to' in PF rules
- PF syntax requires 'pass out on interface route-to' not 'pass out route-to on interface'
- Fixes syntax error on line 13 of PF rules file
- Should resolve pfctl loading failure

Co-authored-by: f0ssel &lt;19379394+f0ssel@users.noreply.github.com&gt;
diff --git a/namespace/macos.go b/namespace/macos.go
@@ -230,7 +230,7 @@ rdr pass on lo0 inet proto tcp from any to any -> 127.0.0.1 port %d
 pass out route-to (lo0 127.0.0.1) inet proto tcp from any to any group %d keep state
 
 # Also handle ALL TCP traffic on the specific interface from the group
-pass out route-to (lo0 127.0.0.1) on %s inet proto tcp from any to any group %d keep state
+pass out on %s route-to (lo0 127.0.0.1) inet proto tcp from any to any group %d keep state
 
 # Allow all loopback traffic
 pass on lo0 all
