I assume you're not entirely serious about the 'Sponsored by:' line?
I'm happy to credit any organisation for your work, but um .. it raises questions?

tests/sys/netpfil/pf/table.sh
119	I'd avoid having functions specific to one jail name (even if I do tend to default to 'alcatraz'). So I'd call this something like 'pft_cleared_ctime' and pass the jail name as an argument.
129	Does this work if TZ != UTC? We may want to just set TZ=UTC for this date invocation.
156	It's unclear to me why we're removing these lines. We now seem to be looking for both TABLE_STATS_NONZERO and TABLE_STATS_ZERO matches in the same output.

I assume you're not entirely serious about the 'Sponsored by:' line?

Both "yes" and "no". The story behind that line is a crypto-bro donating me $10k of some laundered bitcoins to support my work on various areas of policy-based routing solutions & censorship circumvention tooling helping Russian users. I don't know the full story here, but they called themselves that way.

So, no, I'm not entirely serious as in: I don't demand Sponsored by: tag.

On the other hand, I'm serious as in: if it's required by FreeBSD community (e.g. for transparency reasons), that's the quasi-correct value for it.

tests/sys/netpfil/pf/table.sh
119	ack.
129	Yes, it works correctly. My test-box has `Europe/Moscow` timezone. `ctime()` in `pfctl` uses current TZ and `date` uses current TZ as well. The comment is just a reminder that the used timezone is `TZ`.
156	It's just saving fork/exec and/or minor copy-pasta cleanup. Both commands test output of `jexec alcatraz pfctl -t foo -T show -vv`, so they can be combined into one `atf_check` call. Am I missing something?