The /etc/periodic/security/520.pfdenied script produces a line of output
for all lines in the PF file, not just those that cause a deny to happen.
Fix: Basically, only print the line if the 5th field isn't empty.
A commit references this bug:
Date: Thu Nov 5 17:37:15 UTC 2015
New revision: 290405
Restrict 520.pfdenied to only list rules that blocked traffic.
Before this change, the 520.pfdenied script listed all rules that
matched /^block/ in the rule. Restrict the printed output to only
those rules that result in packets being dropped.
Approved by: rpaulo (mentor)
Differential Revision: https://reviews.freebsd.org/D4068