diff --git a/sbin/pfctl/tests/files/pf1023.in b/sbin/pfctl/tests/files/pf1023.in
new file mode 100644
index 000000000000..4855ae0f339e
--- /dev/null
+++ b/sbin/pfctl/tests/files/pf1023.in
@@ -0,0 +1,3 @@
+match log(matches) inet proto tcp
+match log(matches) inet from 192.0.2.0/24
+pass
diff --git a/sbin/pfctl/tests/files/pf1023.ok b/sbin/pfctl/tests/files/pf1023.ok
new file mode 100644
index 000000000000..63fa40113ecf
--- /dev/null
+++ b/sbin/pfctl/tests/files/pf1023.ok
@@ -0,0 +1,3 @@
+match log (matches) inet proto tcp all
+match log (matches) inet from 192.0.2.0/24 to any
+pass all flags S/SA keep state
diff --git a/sbin/pfctl/tests/pfctl_test_list.inc b/sbin/pfctl/tests/pfctl_test_list.inc
index 0ab336ec100d..413599252f64 100644
--- a/sbin/pfctl/tests/pfctl_test_list.inc
+++ b/sbin/pfctl/tests/pfctl_test_list.inc
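Review bot: The fixture round-trips `matches` only on its own and only on `match` rules, so the printer's handling of `matches` next to the other log options is not covered by this pair of files. If the parser accepts combinations, one extra line such as `pass log (all, matches) inet proto tcp` in the `.in` file (with its expected form in the `.ok` file) would exercise that path as well; I have not verified that the grammar allows it, so this is a suggestion rather than a defect.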
@@ -1,133 +1,134 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
  * Copyright 2020 Alex Richardson
  *
  * This software was developed by SRI International and the University of
  * Cambridge Computer Laboratory (Department of Computer Science and
  * Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the
  * DARPA SSITH research programme.
  *
  * This work was supported by Innovate UK project 105694, "Digital Security by
  * Design (DSbD) Technology Platform Prototype".
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  * 1. Redistributions of source code must retain the above copyright notice,
  * this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright notice,
  * this list of conditions and the following disclaimer in the documentation
  * and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
  * No include guards since this file is included multiple times by pfctl_test
  * to avoid duplicating code.
  */
 PFCTL_TEST(0001, "Pass with labels")
 PFCTL_TEST(0002, "Block/pass")
 PFCTL_TEST(0003, "Block/pass with flags")
 PFCTL_TEST(0004, "Block")
 PFCTL_TEST(0005, "Block with variables")
 PFCTL_TEST(0006, "Variables")
 PFCTL_TEST(0007, "Block/pass with return")
 PFCTL_TEST(0008, "Block with address list")
 PFCTL_TEST(0009, "Block with interface list")
 PFCTL_TEST(0010, "Block/pass with return")
 PFCTL_TEST(0011, "Block/pass ICMP")
 PFCTL_TEST(0012, "Pass to subnets")
 PFCTL_TEST(0013, "Pass quick")
 PFCTL_TEST(0014, "Pass quick IPv6")
 PFCTL_TEST(0016, "Pass with no state")
 PFCTL_TEST(0018, "Address lists")
 PFCTL_TEST(0019, "Lists")
 PFCTL_TEST(0020, "Lists")
 PFCTL_TEST(0022, "Set options")
 PFCTL_TEST(0023, "Block on negated interface")
 PFCTL_TEST(0024, "Variable concatenation")
 PFCTL_TEST(0025, "Antispoof")
 PFCTL_TEST(0026, "Block from negated interface")
 PFCTL_TEST(0028, "Block with log and quick")
 PFCTL_TEST(0030, "Line continuation")
 PFCTL_TEST(0031, "Block policy")
 PFCTL_TEST(0032, "Pass to any")
 PFCTL_TEST(0034, "Pass with probability")
 PFCTL_TEST(0035, "Matching on TOS")
 PFCTL_TEST(0038, "Pass with user")
 PFCTL_TEST(0039, "Ordered opts")
 PFCTL_TEST(0040, "Block/pass")
 PFCTL_TEST(0041, "Anchors")
 PFCTL_TEST(0047, "Pass with labels")
 PFCTL_TEST(0048, "Tables")
 PFCTL_TEST(0049, "Broadcast and network modifiers")
 PFCTL_TEST(0050, "Double macro set")
 PFCTL_TEST(0052, "Set optimization")
 PFCTL_TEST(0053, "Pass with labels")
 PFCTL_TEST(0055, "Set options")
 PFCTL_TEST(0056, "State opts")
 PFCTL_TEST(0057, "Variables")
 PFCTL_TEST(0060, "Pass from multicast")
 PFCTL_TEST(0061, "Dynaddr with netmask")
 PFCTL_TEST(0065, "Antispoof with labels")
 PFCTL_TEST(0067, "Tags")
 PFCTL_TEST(0069, "Tags")
 PFCTL_TEST(0070, "Tags")
 PFCTL_TEST(0071, "Tags")
 PFCTL_TEST(0072, "Tags")
 PFCTL_TEST(0074, "Synproxy")
 PFCTL_TEST(0075, "Block quick with tags")
 PFCTL_TEST(0077, "Dynaddr with netmask")
 PFCTL_TEST(0078, "Table with label")
 PFCTL_TEST(0079, "No-route with label")
 PFCTL_TEST(0081, "Address list and table list with no-route")
 PFCTL_TEST(0082, "Pass with interface, table and no-route")
 PFCTL_TEST(0084, "Source track")
 PFCTL_TEST(0085, "Tag macro expansion")
 PFCTL_TEST(0087, "Optimization rule reordering")
 PFCTL_TEST(0088, "Optimization duplicate rules handling")
 PFCTL_TEST(0089, "TCP connection tracking")
 PFCTL_TEST(0090, "Log opts")
 PFCTL_TEST(0091, "Nested anchors")
 PFCTL_TEST(0092, "Comments")
 PFCTL_TEST(0094, "Address ranges")
 PFCTL_TEST(0095, "Include")
 PFCTL_TEST(0096, "Variables")
 PFCTL_TEST(0097, "Divert-to")
 PFCTL_TEST(0098, "Pass")
 PFCTL_TEST(0100, "Anchor with multiple path components")
 PFCTL_TEST(0101, "Prio")
 PFCTL_TEST(0102, "Address lists with mixed address family")
 PFCTL_TEST(0104, "Divert-to with localhost")
 PFCTL_TEST(1001, "Binat")
 PFCTL_TEST(1002, "Set timeout interval")
 PFCTL_TEST(1003, "ALTQ")
 PFCTL_TEST(1004, "ALTQ with Codel")
 PFCTL_TEST(1005, "PR 231323")
 PFCTL_TEST(1006, "pfctl crashes with certain fairq configurations")
 PFCTL_TEST(1007, "Basic ethernet rule")
 PFCTL_TEST(1008, "Ethernet rule with mask length")
 PFCTL_TEST(1009, "Ethernet rule with mask")
 PFCTL_TEST(1010, "POM_STICKYADDRESS test")
 PFCTL_TEST(1011, "Test disabling scrub fragment reassemble")
 PFCTL_TEST(1012, "Test scrub fragment reassemble is default")
 PFCTL_TEST(1013, "Ethernet rule with ridentifier")
 PFCTL_TEST(1014, "Ethernet rule with one label")
 PFCTL_TEST(1015, "Ethernet rule with several labels")
 PFCTL_TEST(1016, "Ethernet rule with ridentifier and one label")
 PFCTL_TEST(1017, "Ethernet rule with ridentifier and several labels")
 PFCTL_TEST(1018, "Test dynamic address mask")
 PFCTL_TEST(1019, "Test pflow option")
 PFCTL_TEST(1020, "Test hashmark and semicolon comment")
 PFCTL_TEST(1021, "Endpoint-independent")
 PFCTL_TEST(1022, "Test received-on")
+PFCTL_TEST(1023, "Test match log(matches)")
diff --git a/tests/sys/netpfil/pf/pflog.sh b/tests/sys/netpfil/pf/pflog.sh
index 75b7c5c217bb..f5a1241cb5a8 100644
--- a/tests/sys/netpfil/pf/pflog.sh
+++ b/tests/sys/netpfil/pf/pflog.sh 
@@ -1,85 +1,139 @@ # # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2023 Rubicon Communications, LLC (Netgate) # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. . 
$(atf_get_srcdir)/utils.subr common_dir=$(atf_get_srcdir)/../common atf_test_case "malformed" "cleanup" malformed_head() { atf_set descr 'Test that we do not log malformed packets as passing' atf_set require.user root atf_set require.progs scapy } malformed_body() { pflog_init epair=$(vnet_mkepair) vnet_mkjail srv ${epair}b jexec srv ifconfig ${epair}b 192.0.2.1/24 up vnet_mkjail cl ${epair}a jexec cl ifconfig ${epair}a 192.0.2.2/24 up jexec cl pfctl -e jexec cl ifconfig pflog0 up pft_set_rules cl \ "pass log keep state" # Not required, but the 'pf: dropping packet with ip options' kernel log can # help when debugging the test. jexec cl pfctl -x loud jexec cl tcpdump -n -e -ttt --immediate-mode -l -U -i pflog0 >> pflog.txt & sleep 1 # Wait for tcpdump to start # Sanity check atf_check -s exit:0 -o ignore \ jexec srv ping -c 1 192.0.2.2 jexec srv ${common_dir}/pft_ping.py \ --sendif ${epair}b \ --to 192.0.2.2 \ --send-nop \ --recvif ${epair}b atf_check -o match:".*rule 0/8\(ip-option\): block in on ${epair}a: 192.0.2.1 > 192.0.2.2: ICMP echo request.*" \ cat pflog.txt } malformed_cleanup() { pft_cleanup } +atf_test_case "matches" "cleanup" +matches_head() +{ + atf_set descr 'Test the pflog matches keyword' + atf_set require.user root +} + +matches_body() +{ + pflog_init + + epair=$(vnet_mkepair) + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + ifconfig ${epair}b 192.0.2.2/24 up + + # Sanity check + atf_check -s exit:0 -o ignore \ + ping -c 1 192.0.2.1 + + jexec alcatraz pfctl -e + jexec alcatraz ifconfig pflog0 up + pft_set_rules alcatraz \ + "match log(matches) inet proto icmp" \ + "match log(matches) inet from 192.0.2.2" \ + "pass" + + jexec alcatraz tcpdump -n -e -ttt --immediate-mode -l -U -i pflog0 >> ${PWD}/pflog.txt & + sleep 1 # Wait for tcpdump to start + + atf_check -s exit:0 -o ignore \ + ping -c 1 192.0.2.1 + + echo "Rules" + jexec alcatraz pfctl -sr -vv + echo "States" + jexec alcatraz pfctl -ss -vv + echo "Log" 
+ cat ${PWD}/pflog.txt + + atf_check -o match:".*rule 0/0\(match\): match in on ${epair}a: 192.0.2.2 > 192.0.2.1: ICMP echo request.*" \ + cat pflog.txt + atf_check -o match:".*rule 1/0\(match\): match in on ${epair}a: 192.0.2.2 > 192.0.2.1: ICMP echo request.*" \ + cat pflog.txt +} + +matches_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "malformed" + atf_add_test_case "matches" }
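Review bot: Both assertions in `matches_body` target rules that themselves carry `log(matches)`, so a plain `log` on the two match rules would produce the same two pflog lines and the test does not pin what `matches` adds over `log`. If the keyword means "log this packet at every subsequent rule it matches" (which is what the rule set appears to be set up for), the distinguishing check is that the un-logged `pass` rule also appears, presumably as `atf_check -o match:".*rule 2/0\(match\): pass in on ${epair}a: 192.0.2.2 > 192.0.2.1: ICMP echo request.*" cat pflog.txt`. A negative case would tighten it further: traffic that matches neither match rule should leave no entry for the pass rule, otherwise the test cannot tell `matches` apart from unconditional logging. Minor style point: tcpdump writes to `${PWD}/pflog.txt` while the assertions read `pflog.txt`; the existing `malformed` test uses the bare name for both, so one spelling would be clearer.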