From: Quentin Thébault <quentin.thebault@defenso.fr>
Subject: Re: pf.conf.5: additional quoting for ranges in lists
To: "tech@openbsd.org" <tech@openbsd.org>
Date: Tue, 10 Dec 2024 05:28:02 +0000

Hello,

You are right! I mixed up my patch with the FreeBSD one which has a different syntax.
See below for a corrected version. Sorry for the noise.

Kind regards,
--
Quentin THÉBAULT
Defenso | Ingénierie de cyberdéfense | Associé
defenso.fr

Index: share/man/man5/pf.conf.5
===================================================================
RCS file: /cvs/src/share/man/man5/pf.conf.5,v
diff -u -p -r1.602 pf.conf.5
--- share/man/man5/pf.conf.5    15 Apr 2024 14:06:52 -0000      1.602
+++ share/man/man5/pf.conf.5    10 Dec 2024 05:25:23 -0000
@@ -91,6 +91,8 @@ Macro names may not be reserved words (f
 .Cm in ,
 .Cm out ) .
 Macros are not expanded inside quotes.
+Ranges of network addresses used in macros that will be expanded in lists
+must be quoted with additional single quotes.
 .Pp
 For example:
 .Bd -literal -offset indent
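Review bot: The added sentence after "Macros are not expanded inside quotes." says only "ranges of network addresses", which leaves open whether a CIDR prefix counts as a range. The example added further down quotes both forms ('192.0.2.0/24' and '198.51.100.0 - 198.51.100.255'), so either name both forms in the sentence or keep only the form that actually needs the extra quotes in the example. It would also help to say in a few words why the extra single quotes are needed when the macro is expanded inside a list, so a reader can tell when the rule applies.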
@@ -98,6 +100,11 @@ ext_if = "kue0"
 all_ifs = "{" $ext_if lo0 "}"
 pass out on $ext_if from any to any
 pass in  on $ext_if proto tcp from any to any port 25
+
+usr_lan_range = "'192.0.2.0/24'"
+srv_lan_range = "'198.51.100.0 - 198.51.100.255'"
+nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&"
+pass out on tl0 inet from $nat_ranges to any nat-to (tl0)
 .Ed
 .Sh PACKET FILTERING
 .Xr pf 4
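Review bot: The new nat_ranges line writes its quotes as \&"{\&" and \&"}\&", while the unchanged all_ifs line directly above in the same literal block uses plain "{" and "}". Unless the escape is required here, write the new line the same way as all_ifs so the two list macros read consistently in the source. The new pass rule also hard-codes tl0 although the block already defines ext_if = "kue0" and uses $ext_if in its other rules; reusing $ext_if would keep the example self-consistent.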