This also fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292184


> On Jun 3, 2026, at 9:15 AM, Kristof Provost <[email protected]> wrote:
> 
> The branch main has been updated by kp:
> 
> URL: 
> https://cgit.FreeBSD.org/src/commit/?id=3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c
> 
> commit 3d9cd10b2857ee7a9ec1b04457d9ec44f614d32c
> Author:     Kristof Provost <[email protected]>
> AuthorDate: 2026-06-03 08:49:31 +0000
> Commit:     Kristof Provost <[email protected]>
> CommitDate: 2026-06-03 08:52:06 +0000
> 
>    pfdenied: fix checking root anchor
> 
>    pfctl doesn't like empty anchors (-a ''), but we can specify the root
>    anchor as '/' too, so do that instead.
> 
>    PR:             295324
>    Tested by:      Paweł Krawczyk
>    MFC after:      1 week
>    Sponsored by:   Rubicon Communications, LLC ("Netgate")
> ---
> usr.sbin/periodic/etc/security/520.pfdenied | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/usr.sbin/periodic/etc/security/520.pfdenied 
> b/usr.sbin/periodic/etc/security/520.pfdenied
> index d87dfa0ae64c..a3cddf30d726 100755
> --- a/usr.sbin/periodic/etc/security/520.pfdenied
> +++ b/usr.sbin/periodic/etc/security/520.pfdenied
> @@ -41,7 +41,7 @@ rc=0
> if check_yesno_period security_status_pfdenied_enable
> then
> TMP=`mktemp -t security`
> - for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a 
> "blocklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
> + for _a in "/" $(pfctl -a "blacklistd" -sA 2>/dev/null) $(pfctl -a 
> "blocklistd" -sA 2>/dev/null) ${security_status_pfdenied_additionalanchors}
> do
> pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
> nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print 
> buf$0;} }' >> ${TMP}
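
Review bot: the loop body still runs `pfctl -a "${_a}" -sr -v -z 2>/dev/null`, discarding stderr and ignoring the exit status. When pfctl rejects an anchor name (as it did the empty string, per the commit message), that anchor contributes nothing to `${TMP}` and the security report looks clean instead of showing a failure. Consider recording a pfctl failure in `rc`, or at least not silencing stderr for the root anchor, so a regression of this kind is visible in the periodic output. A short comment next to `"/"` saying that it names the root anchor because `-a ''` is not accepted would also keep it from being changed back to `""` later.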
> 

Thanks, 
Matteo

