Hello,
</snip>
> no need to be different than the other checks in the file, and
> indentation is wrong.
>
> Index: pfctl.c
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
> diff -u -p -r1.400 pfctl.c
> --- pfctl.c 3 Feb 2026 10:25:28 -0000 1.400
> +++ pfctl.c 13 Mar 2026 10:57:09 -0000
> @@ -1988,7 +1988,8 @@ pfctl_load_ruleset(struct pfctl *pf, cha
> }
>
> if (pf->optimize)
> - pfctl_optimize_ruleset(pf, rs);
> + if (error = pfctl_optimize_ruleset(pf, rs))
> + goto error;
>
> while ((r = TAILQ_FIRST(rs->rules.active.ptr)) != NULL) {
> TAILQ_REMOVE(rs->rules.active.ptr, r, entries);
>
FYI I've just committed the fix mentioned here [1] it went
in with message as follows:
pfctl(8) parser must not ignore error from pfctl_optimize_ruleset().
Ignoring the error may cause pfctl(8) to load inconsistent ruleset
preventing pf(4) to enforce desired policy.
Issue reported and fix suggested by berts _from_ fastmail _dot_ com
'Looks good.' @deraadt
thanks and
regards
sashan
[1] https://marc.info/?l=openbsd-bugs&m=177339397428466&w=2
