From 3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Wed, 3 Jun 2026 10:49:31 +0200
Subject: [PATCH] pfdenied: fix checking root anchor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

pfctl doesn't like empty anchors (-a ''), but we can specify the root anchor as '/' too, so do that instead.

PR: 295324
Tested by: Paweł Krawczyk
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 usr.sbin/periodic/etc/security/520.pfdenied | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/periodic/etc/security/520.pfdenied b/usr.sbin/periodic/etc/security/520.pfdenied
index d87dfa0ae64..a3cddf30d72 100755
--- a/usr.sbin/periodic/etc/security/520.pfdenied
+++ b/usr.sbin/periodic/etc/security/520.pfdenied
@@ -41,7 +41,7 @@ rc=0
 if check_yesno_period security_status_pfdenied_enable
 then
 TMP=`mktemp -t security`
- for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a "blocklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
+ for _a in "/" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a "blocklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
 do
 pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
 nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP}
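Review bot: The `2>/dev/null` on `pfctl -a "${_a}" -sr -v -z` is what let the rejected empty anchor go unnoticed, and it stays in place after this change, so any anchor pfctl refuses (for example a mistyped entry in `security_status_pfdenied_additionalanchors`) still looks exactly like an anchor with no denied packets. For a security report that is a silent detection gap; consider reporting a failed lookup at least for the explicitly configured anchors, though whether the discard is needed on hosts where pf is not loaded cannot be judged from the lines shown. At minimum, a comment above the `for` line would record why the literal is there, e.g. `# "/" is the root anchor; pfctl rejects an empty -a argument`. The loop body and the enclosing `if` continue outside the hunk.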