git: 4df539cc3864 - stable/14 - pfdenied: fix checking root anchor
Date: Wed, 10 Jun 2026 07:49:23 UTC
The branch stable/14 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=4df539cc3864f45e980774ac77238e0781b930d7
commit 4df539cc3864f45e980774ac77238e0781b930d7
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-06-03 08:49:31 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-06-10 07:49:01 +0000
pfdenied: fix checking root anchor
pfctl doesn't like empty anchors (-a ''), but we can specify the root
anchor as '/' too, so do that instead.
PR: 295324
Tested by: Paweł Krawczyk
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c)
---
usr.sbin/periodic/etc/security/520.pfdenied | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.sbin/periodic/etc/security/520.pfdenied b/usr.sbin/periodic/etc/security/520.pfdenied
index 9852936257bc..ddf32e5a34b4 100755
--- a/usr.sbin/periodic/etc/security/520.pfdenied
+++ b/usr.sbin/periodic/etc/security/520.pfdenied
@@ -41,7 +41,7 @@ rc=0
if check_yesno_period security_status_pfdenied_enable
then
TMP=`mktemp -t security`
- for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
+ for _a in "/" $(pfctl -a "blacklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
do
pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP}
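Review bot: the `2>/dev/null` on `pfctl -a "${_a}" -sr -v -z` in the loop body discards pfctl's error output, so an anchor that pfctl rejects (as it did the empty string) contributes nothing to ${TMP} and the report reads the same as "no denied packets". Consider checking pfctl's exit status for each anchor and printing a line that names any anchor that could not be read, so that a bad entry in security_status_pfdenied_additionalanchors is visible in the security output. A short comment above the `for` line saying that "/" names the root anchor because pfctl does not accept `-a ''` would also keep the literal from being changed back later.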