Re: git: 3d9cd10b2857 - main - pfdenied: fix checking root anchor
- In reply to: Kristof Provost : "git: 3d9cd10b2857 - main - pfdenied: fix checking root anchor"
Date: Wed, 03 Jun 2026 14:06:35 UTC
This also fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292184
> On Jun 3, 2026, at 9:15 AM, Kristof Provost <kp@FreeBSD.org> wrote:
>
> The branch main has been updated by kp:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c
>
> commit 3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c
> Author: Kristof Provost <kp@FreeBSD.org>
> AuthorDate: 2026-06-03 08:49:31 +0000
> Commit: Kristof Provost <kp@FreeBSD.org>
> CommitDate: 2026-06-03 08:52:06 +0000
>
> pfdenied: fix checking root anchor
>
> pfctl doesn't like empty anchors (-a ''), but we can specify the root
> anchor as '/' too, so do that instead.
>
> PR: 295324
> Tested by: Paweł Krawczyk
> MFC after: 1 week
> Sponsored by: Rubicon Communications, LLC ("Netgate")
> ---
> usr.sbin/periodic/etc/security/520.pfdenied | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/usr.sbin/periodic/etc/security/520.pfdenied b/usr.sbin/periodic/etc/security/520.pfdenied
> index d87dfa0ae64c..a3cddf30d726 100755
> --- a/usr.sbin/periodic/etc/security/520.pfdenied
> +++ b/usr.sbin/periodic/etc/security/520.pfdenied
> @@ -41,7 +41,7 @@ rc=0
> if check_yesno_period security_status_pfdenied_enable
> then
> TMP=`mktemp -t security`
> - for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a "blocklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
> + for _a in "/" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a "blocklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
> do
> pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
> nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP}
>
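Review bot: The changed `for _a in "/" ...` line carries no comment saying why the root anchor is written as "/" rather than "", so a later cleanup could easily put the empty string back; a one-line comment above the loop stating that pfctl rejects `-a ''` would prevent that. Related, on the unchanged `pfctl -a "${_a}" -sr -v -z 2>/dev/null | \` line: stderr is discarded and the output goes straight into nawk, so when pfctl refuses an anchor argument the loop iteration contributes nothing to ${TMP} and the report gives no sign that the check was skipped. Consider letting pfctl's error through, or testing its result before the pipe, at least for the root anchor, so that a rejected anchor shows up in the security run instead of reading as "no denied packets".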
Thanks,
Matteo