Date:      Wed, 3 Jun 2026 10:06:35 -0400
From:      Matteo Riondato <matteo@FreeBSD.org>
To:        Kristof Provost <kp@FreeBSD.org>
Cc:        "src-committers@freebsd.org" <src-committers@FreeBSD.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@FreeBSD.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@FreeBSD.org>
Subject:   Re: git: 3d9cd10b2857 - main - pfdenied: fix checking root anchor
Message-ID:  <C719F4BE-3D8A-47F0-BC06-ED4845672BBA@FreeBSD.org>
In-Reply-To: <6a2028fe.3230e.63c5c7f2@gitrepo.freebsd.org>


This also fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292184


> On Jun 3, 2026, at 9:15 AM, Kristof Provost <kp@FreeBSD.org> wrote:
> 
> The branch main has been updated by kp:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c
> 
> commit 3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c
> Author:     Kristof Provost <kp@FreeBSD.org>
> AuthorDate: 2026-06-03 08:49:31 +0000
> Commit:     Kristof Provost <kp@FreeBSD.org>
> CommitDate: 2026-06-03 08:52:06 +0000
> 
>    pfdenied: fix checking root anchor
> 
>    pfctl doesn't like empty anchors (-a ''), but we can specify the root
>    anchor as '/' too, so do that instead.
> 
>    PR:             295324
>    Tested by:      Paweł Krawczyk
>    MFC after:      1 week
>    Sponsored by:   Rubicon Communications, LLC ("Netgate")
> ---
> usr.sbin/periodic/etc/security/520.pfdenied | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/usr.sbin/periodic/etc/security/520.pfdenied b/usr.sbin/periodic/etc/security/520.pfdenied
> index d87dfa0ae64c..a3cddf30d726 100755
> --- a/usr.sbin/periodic/etc/security/520.pfdenied
> +++ b/usr.sbin/periodic/etc/security/520.pfdenied
> @@ -41,7 +41,7 @@ rc=0
> if check_yesno_period security_status_pfdenied_enable
> then
> TMP=`mktemp -t security`
> - for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a "blocklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
> + for _a in "/" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a "blocklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
> do
> pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
> nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP}
> 
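
Review bot: the `2>/dev/null` on the `pfctl -a "${_a}" -sr -v -z` line in the loop body is what allowed the rejected `-a ''` to go unnoticed, because pfctl's complaint was discarded and a failing root-anchor check would add nothing to `${TMP}` without any visible error. With `"/"` now the first loop item, consider keeping stderr or checking pfctl's exit status for at least that iteration, so that a future failure to read an anchor shows up in the periodic security output instead of as an empty result. A short comment next to `"/"` noting that pfctl does not accept an empty anchor name would also keep someone from changing it back.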

Thanks, 
Matteo


