Invalid ruleset generated with some AVPair-defined ACLs
as discussed here:
an invalid ruleset can be generated for AVPair.
Ticket #5451 for RELENG_2_2
Actually this can be fixed by adding just a space after "from any".
The code here builds up $tmprule and each time it adds a new clause it puts a space at the end, ready for if there is another clause to come. The "from any" here was the only offender in this scheme.
It seems good to me to still backport little easy fixes to RELENG_2_2. That way production users can get them easily if they like (with system patches or...).
Alternate way to correct rules for ticket #5451
The code here build up each clause in $tmprule and always adds a space at the end of the clause, in case there is another clause to come. The only place that did not do this was "from any" at line 131. Fixing that should fix the issue and keep it all consistent. There should be no need to add a space before all of the "to..." clauses.
Actually the first fix by @cbuechler https://github.com/pfsense/pfsense/commit/8e81f6a88180c5c9a280d78fd77788f7160b0d1a will work fine, but IMHO this is a little cleaner and will be easier for future maintainers to understand.