From nobody Mon Jul  7 15:07:50 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bbSKL719xz61wCy;
	Mon, 07 Jul 2025 15:07:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bbSKL3bcdz3wQC;
	Mon, 07 Jul 2025 15:07:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1751900870;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=IDR3N6Zvgn3U+Zz+rMk3L9cHXRDO+dZVeHgWfXDsQEk=;
	b=D4H8TtitD2Gv8j4IUBQTh/CDo1Z7mMMDST+ukRaGwwhaxKg0+CysyBx37tml72yMpmYapZ
	Me9m8nIGOAv25hxm8EngJXabq0YB8uq7otmN8Bi/c9HOu3Y3n7uqWmNc0qF5wsszOJCmcE
	054T3F8G16mT5a9q8chAGHGamQi2rj8GDS08RQJKVu+LeqTFD+1AQoD5JxvL9tQzIDiMMW
	DZMG+X6zKrijrDr2gsx9Apna5p5m9TxbZdI/SHzBnvioMyTWWD1cvTJ2iTJibx+i3izihi
	xDcr04IJU6I+b5vpjRyr3eO3s/toYuA+QlMQfGonH4QDHDUMxUFpPSU6bHKiRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1751900870;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=IDR3N6Zvgn3U+Zz+rMk3L9cHXRDO+dZVeHgWfXDsQEk=;
	b=BhQF14WVIH4ODx1nMtcOG7fSJZwc1GDKZ2Z8iaVaZs4mxiC4XpO5XweuLhlLxVpUSUvT1Z
	OQ9YmXNQuPK4GkJPw5tXd9teFb1JOCIq7rzlmeafgQ9tGtV1Ecoy6XbAz/ZqvmavsO0V/d
	6T0l5bY/tfwOOwBEsH9B1a4F9uba2F98eOOpiCPFt1QVrFrWi9OWfMzAGnuS1GeiH1J+wM
	L/sFXlRhgHTq7s4AOuvZ1T5HMO6Ueo/tuntUdEaPBBY3fm3TB1AcnX6yanIQrCjxbMtPUp
	iq8fID01t5Gufs7i4gxhCuH0Zu8Kn2VIix8Uf3JMfRqE8DIAEoRJw/kksSk9ww==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751900870; a=rsa-sha256; cv=none;
	b=DesjC2JrkTAqgI68Du3shcp1t2v8FCYCttoTT2FpKjSUzNOqY8vZ1VQdmhBMPf3aMs/UiQ
	sTKmCf0zBvKA2TWinL9m0PfivQ5IwwQaQdvoiBFOyAZdGMOG1g5pA6biGyNbSx1iVtZixK
	AXSTZC7u+fjQOdmhpdekVwbkOqHR+tQ3NGR6yTI6T6VP3ruf3Im7LdBTPhomA0bkMqWCPD
	2xhS1AM/58lhzcQsK5KZesYYvQlovXEUntVjsKxE/8a+2TVmk+jRT/LdI3c5+6moC1zIsd
	uvi0s6mUgbdwYTeusWUNCgQR0CxaqSgymDz2xsWiJ25zi0Yljc1WHRwPwhLzkw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bbSKL2b2YzwF3;
	Mon, 07 Jul 2025 15:07:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 567F7oWZ016441;
	Mon, 7 Jul 2025 15:07:50 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 567F7oWq016438;
	Mon, 7 Jul 2025 15:07:50 GMT
	(envelope-from git)
Date: Mon, 7 Jul 2025 15:07:50 GMT
Message-Id: <202507071507.567F7oWq016438@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 714be446a925 - main - pfctl: Defuse `-F all -i
  interface'
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 714be446a92555911b8cbd0f0f480f0dea617fa6
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=714be446a92555911b8cbd0f0f480f0dea617fa6

commit 714be446a92555911b8cbd0f0f480f0dea617fa6
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-01 10:10:00 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-07 15:06:48 +0000

    pfctl: Defuse `-F all -i interface'
    
    Flushing all filter parameters does not make sense on one specific
    interface only as already noted.  However, the main ruleset as well as
    all tables were still cleared on such invalid usage.
    
    Furthermore, an empty interface name was treated like no interface at
    all, hence source tracking entries, statistics and interface flags were
    cleared also.
    
    Immediately error out if `-i' is given regardless of its argument before
    flushing anything.
    
    OK sashan
    
    Obtained from:  OpenBSD, kn <kn@openbsd.org>, 7863d3574f
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index b4732d178cbb..169b75f202d1 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -3365,6 +3365,11 @@ main(int argc, char *argv[])
 			pfctl_clear_stats(pfh, opts);
 			break;
 		case 'a':
+			if (ifaceopt) {
+				warnx("don't specify an interface with -Fall");
+				usage();
+				/* NOTREACHED */
+			}
 			pfctl_flush_eth_rules(dev, opts, anchorname);
 			pfctl_flush_rules(dev, opts, anchorname);
 			pfctl_flush_nat(dev, opts, anchorname);