Hello,
</snip>
> ------------------------------------------
> Patch
> ------------------------------------------
> --- pfctl.c.orig Fri Mar 13 05:23:23 2026
> +++ pfctl.c Fri Mar 13 05:25:44 2026
> @@ -1527,7 +1527,8 @@
> }
>
> if (pf->optimize)
> - pfctl_optimize_ruleset(pf, rs);
> + if ((error = pfctl_optimize_ruleset(pf, rs)) != 0)
> + goto error;
>
> while ((r = TAILQ_FIRST(rs->rules.active.ptr)) != NULL) {
> TAILQ_REMOVE(rs->rules.active.ptr, r, entries);
>
I agree with the analysis and the fix. I would prefer to commit a slightly
modified diff, see below.
thanks and
regards
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 4981ed68623..177e0ac9957 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1987,8 +1987,8 @@ pfctl_load_ruleset(struct pfctl *pf, char *path, struct
pf_ruleset *rs,
printf("\n");
}
- if (pf->optimize)
- pfctl_optimize_ruleset(pf, rs);
+ if (pf->optimize && (error = pfctl_optimize_ruleset(pf, rs)) != 0)
+ goto error;
while ((r = TAILQ_FIRST(rs->rules.active.ptr)) != NULL) {
TAILQ_REMOVE(rs->rules.active.ptr, r, entries);
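Review bot: The new `goto error` after the `pfctl_optimize_ruleset()` call emits no diagnostic of its own, so unless the optimizer reports its failure (not visible in this hunk), the load stops with no indication of why. The check appears to be what prevents a ruleset the optimizer failed on from reaching the load loop that follows, so a one-line comment above it would record the intent, e.g. `/* never load a ruleset the optimizer failed on */`. Please also confirm that the `error:` label, which lies outside this hunk, restores any state the function changed before this point, because this is a new path into it. The body of pfctl_load_ruleset starts and ends outside the hunk.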