Date: Sun, 04 Jan 2026 16:21:43 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 292184] periodic/security/520.pfdenied - anchor name must not be empty
Message-ID: <bug-292184-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292184

            Bug ID: 292184
           Summary: periodic/security/520.pfdenied - anchor name must not be empty
           Product: Base System
           Version: 15.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: thierry.dussuet@protonmail.com

Since this commit:
https://github.com/freebsd/freebsd-src/commit/f33973f5360792835c82b3a164e0d043e8656a4a
the daily periodic e-mails do not include pf block rules from the main ruleset
anymore.

The file /etc/periodic/security/520.pfdenied runs the equivalent of
'pfctl -a "" -sr -v -z 2>/dev/null'
which now silently errors out due to:
pfctl: anchor name must not be empty

Using pfctl -a "*" would work temporarily instead, but would be recursive. Not
sure how to specify the default ruleset explicitly now.

Also, if an empty anchor name is not allowed anymore, the periodic.conf(5) man
page might need to be adjusted, as it mentions

security_status_pfdenied_additionalanchors
    (str) Space-separated list of additional anchors whose denied packets
    log entries to show. The main ruleset (i.e., the empty-string anchor)
    and any blocklistd(8) anchors, if present, are always shown.

--
You are receiving this mail because:
You are the assignee for the bug.
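
An added example, not part of the bug report and not FreeBSD's 520.pfdenied code: one way a periodic security script could query the main ruleset by omitting -a (pfctl without -a operates on the main ruleset) and put a pfctl failure into the report instead of discarding it with 2>/dev/null. The function name pf_anchor_rules and the PFCTL override variable are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from 520.pfdenied).
# PFCTL may be overridden so the logic can be exercised on a host without pf.
: "${PFCTL:=pfctl}"

# Print the verbose rule listing for one anchor and zero its counters.
# An empty argument means the main ruleset: no -a option is passed at all,
# because newer pfctl rejects -a "" with "anchor name must not be empty".
# On failure the error text goes into the report (stdout) and 1 is returned,
# so an empty security e-mail can no longer hide a broken pfctl invocation.
pf_anchor_rules() {
    anchor=$1
    if [ -n "$anchor" ]; then
        set -- -a "$anchor" -sr -v -z
    else
        set -- -sr -v -z
    fi

    # Keep stderr instead of sending it to /dev/null.
    errfile=$(mktemp) || return 2

    if out=$("$PFCTL" "$@" 2>"$errfile"); then
        rm -f "$errfile"
        printf '%s\n' "$out"
    else
        rc=$?
        err=$(cat "$errfile")
        rm -f "$errfile"
        printf 'pfdenied: pfctl %s failed (exit %d): %s\n' "$*" "$rc" "$err"
        return 1
    fi
}
```

A caller would run `pf_anchor_rules ""` for the main ruleset and then once per name in security_status_pfdenied_additionalanchors, treating a return value of 1 as a reportable condition.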
