From e044f67a66c82721b419949132fc48261ee39555 Mon Sep 17 00:00:00 2001
From: Kristof Provost <kp@FreeBSD.org>
Date: Thu, 29 Aug 2024 13:48:41 +0200
Subject: [PATCH] pfctl: improve bitmask printing

In some cases the netmask gets set to a full 128 bit mask even if no
address family is selected; don't print the v6 mask if it's a v4 address.

Obtained from:	OpenBSD, mcbride <mcbride@openbsd.org>, f6d7b41f07
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D46584
---
 sbin/pfctl/pf_print_state.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbin/pfctl/pf_print_state.c b/sbin/pfctl/pf_print_state.c
index 0b862273fab3..96da1e109fa8 100644
--- a/sbin/pfctl/pf_print_state.c
+++ b/sbin/pfctl/pf_print_state.c
@@ -128,7 +128,7 @@ print_addr(struct pf_addr_wrap *addr, sa_family_t af, int verbose)
 	    PF_AZERO(&addr->v.a.mask, AF_INET6))) {
 		int bits = unmask(&addr->v.a.mask, af);
 
-		if (bits != (af == AF_INET ? 32 : 128))
+		if (bits < (af == AF_INET ? 32 : 128))
 			printf("/%d", bits);
 	}
 }