From bd5ca94caaae9536e7f2d2bee3a1deb5fe29e3ad Mon Sep 17 00:00:00 2001
From: Kurt Lidl
Date: Tue, 9 Feb 2016 21:00:38 +0000
Subject: [PATCH] Zero pf rule counters so daily reports make sense

Zero pf rule counters so that each daily report lists an absolute number of rejected packets, not the total since the last time the machine rebooted (or the counters were manually cleared).

PR: 206467
Submitted by: Rick Adams
Approved by: rpaulo (mentor)
Differential Revision: https://reviews.freebsd.org/D5172
---
 etc/periodic/security/520.pfdenied | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/periodic/security/520.pfdenied b/etc/periodic/security/520.pfdenied
index 3fea360f458..f2f9e8ac39b 100755
--- a/etc/periodic/security/520.pfdenied
+++ b/etc/periodic/security/520.pfdenied
@@ -44,7 +44,7 @@ rc=0
 if check_yesno_period security_status_pfdenied_enable
 then
 TMP=`mktemp -t security`
- if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' > ${TMP}; then
+ if pfctl -sr -v -z 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' > ${TMP}; then
 check_diff new_only pf ${TMP} "${host} pf denied packets:"
 fi
 rc=$?
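Review bot: Adding `-z` to the `pfctl -sr -v` call makes this report clear pf's per-rule counters as a side effect, and nothing in the hunk documents that or lets an administrator opt out. Any other reader of the same counters (monitoring, or a manual `pfctl -sr -v` during an investigation) now sees totals only since the last periodic run, and the reported window depends on how often the script runs rather than being strictly one day. I would add a comment above the line such as `# -z zeroes pf per-rule counters after reading; counts cover the interval since the previous run` and consider gating the flag behind a periodic.conf setting. It is also worth confirming that `check_diff new_only` still behaves as intended, since a rule whose output line is identical on two consecutive runs would presumably be dropped from the report. The enclosing `if check_yesno_period` block ends outside the hunk.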