Date: Mon, 26 Aug 2019 17:36:43 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 240130] Adding a pf anchor containing a "/" defines the anchor incorrectly
Message-ID: <bug-240130-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240130

Bug ID: 240130
Summary: Adding a pf anchor containing a "/" defines the anchor incorrectly
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: bugs@FreeBSD.org
Reporter: freebsd@tim.thechases.com

tl;dr: Simple reduced example
=============================

$ echo 'anchor "blacklistd/*"' | pfctl -nvf -

on OpenBSD, this outputs what I'd expect:

anchor "blacklistd/*" all

however on FreeBSD (tried 12-RELEASE-p10 here, and got corroboration from "Evilham" on IRC for 13.0-CURRENT), this outputs

anchor "/*" all

where the anchor name has been stripped out. The "/" seems to cause the issue since the following all produce the results I expect (whether useful, sensible, or not):

$ echo 'anchor "blacklistd"' | pfctl -nvf -
$ echo 'anchor "blacklistd*"' | pfctl -nvf -
$ echo 'anchor "*"' | pfctl -nvf -

Longer details/backstory:
=========================

Was trying to figure out why blacklistd wasn't populating the anchor properly with blocking rules. After a morning of troubleshooting, determined that blacklistd was correctly interacting with sshd, and /usr/libexec/blacklistd-helper was getting as far as invoking `pfctl` with the (AFAIK) correct parameters, but pf didn't seem to have the anchor in place. I tracked it down to the lack of a "blacklistd/*" anchor existing. So I experimented with my pf.conf file stripping it down to the bare essentials of just a "scrub in all" and that one 'anchor "blacklistd"' entry, only to see that loading the pf.conf file still listed the only anchor as "/*" not "blacklistd/*".

kevins91 on #freebsd in IRC said to create a PR and to CC kp@ so here it is.

-- 
You are receiving this mail because:
You are the assignee for the bug.
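As an added check that is not part of the bug report or of FreeBSD's own code: the script below parses the verbose output of `pfctl -nvf -` and reports whether the requested anchor name survived the parse, so a ruleset that silently turns "blacklistd/*" into "/*" is caught before blacklistd's blocks are relied on. The two sample output lines are constructed from the report, and the function names are my own.

```shell
#!/bin/sh
# anchor_name_from_output: print the name inside the first `anchor "..."`
# line of pfctl's verbose output, or nothing if no anchor line is present.
anchor_name_from_output() {
    printf '%s\n' "$1" | sed -n 's/^anchor "\([^"]*\)".*/\1/p' | head -n 1
}

# check_anchor_loaded: succeed only when the anchor name pfctl reports is
# exactly the one we asked for; a stripped name such as "/*" fails.
check_anchor_loaded() {
    expected=$1
    output=$2
    got=$(anchor_name_from_output "$output")
    [ "$got" = "$expected" ]
}

# Constructed sample outputs mirroring the report: OpenBSD keeps the name,
# the affected FreeBSD versions drop everything before the "/".
GOOD_OUTPUT='anchor "blacklistd/*" all'
BAD_OUTPUT='anchor "/*" all'

# Live check, only on a host that has pfctl: parse the one-line ruleset
# without loading it (-n) and verify the anchor name was preserved.
if command -v pfctl >/dev/null 2>&1; then
    live=$(echo 'anchor "blacklistd/*"' | pfctl -nvf - 2>/dev/null || true)
    if check_anchor_loaded 'blacklistd/*' "$live"; then
        echo "anchor name preserved"
    else
        echo "anchor name mangled: got '$(anchor_name_from_output "$live")'"
    fi
fi
```

The same check can be pointed at a full pf.conf by replacing the echo with `pfctl -nvf /etc/pf.conf` and looping over every anchor name the file is expected to define.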