head 1.14; access; symbols netbsd-10-0-RELEASE:1.14 netbsd-10-0-RC6:1.14 netbsd-10-0-RC5:1.14 netbsd-10-0-RC4:1.14 netbsd-10-0-RC3:1.14 netbsd-10-0-RC2:1.14 netbsd-10-0-RC1:1.14 netbsd-10:1.14.0.6 netbsd-10-base:1.14 netbsd-9-3-RELEASE:1.11 cjep_sun2x-base1:1.14 cjep_sun2x:1.14.0.4 cjep_sun2x-base:1.14 cjep_staticlib_x-base1:1.14 netbsd-9-2-RELEASE:1.11 cjep_staticlib_x:1.14.0.2 cjep_staticlib_x-base:1.14 netbsd-9-1-RELEASE:1.11 phil-wifi-20200421:1.11 phil-wifi-20200411:1.11 is-mlppp:1.11.0.4 is-mlppp-base:1.11 phil-wifi-20200406:1.11 netbsd-8-2-RELEASE:1.10 netbsd-9-0-RELEASE:1.11 netbsd-9-0-RC2:1.11 netbsd-9-0-RC1:1.11 phil-wifi-20191119:1.11 netbsd-9:1.11.0.2 netbsd-9-base:1.11 phil-wifi-20190609:1.11 netbsd-8-1-RELEASE:1.10 netbsd-8-1-RC1:1.10 pgoyette-compat-merge-20190127:1.10.40.1 pgoyette-compat-20190127:1.11 pgoyette-compat-20190118:1.11 pgoyette-compat-1226:1.11 pgoyette-compat-1126:1.11 pgoyette-compat-1020:1.11 pgoyette-compat-0930:1.11 pgoyette-compat-0906:1.11 netbsd-7-2-RELEASE:1.10 pgoyette-compat-0728:1.11 netbsd-8-0-RELEASE:1.10 phil-wifi:1.10.0.42 phil-wifi-base:1.10 pgoyette-compat-0625:1.10 netbsd-8-0-RC2:1.10 pgoyette-compat-0521:1.10 pgoyette-compat-0502:1.10 pgoyette-compat-0422:1.10 netbsd-8-0-RC1:1.10 pgoyette-compat-0415:1.10 pgoyette-compat-0407:1.10 pgoyette-compat-0330:1.10 pgoyette-compat-0322:1.10 pgoyette-compat-0315:1.10 netbsd-7-1-2-RELEASE:1.10 pgoyette-compat:1.10.0.40 pgoyette-compat-base:1.10 netbsd-7-1-1-RELEASE:1.10 matt-nb8-mediatek:1.10.0.38 matt-nb8-mediatek-base:1.10 perseant-stdc-iso10646:1.10.0.36 perseant-stdc-iso10646-base:1.10 netbsd-8:1.10.0.34 netbsd-8-base:1.10 prg-localcount2-base3:1.10 prg-localcount2-base2:1.10 prg-localcount2-base1:1.10 prg-localcount2:1.10.0.32 prg-localcount2-base:1.10 pgoyette-localcount-20170426:1.10 bouyer-socketcan-base1:1.10 pgoyette-localcount-20170320:1.10 netbsd-7-1:1.10.0.30 netbsd-7-1-RELEASE:1.10 netbsd-7-1-RC2:1.10 netbsd-7-nhusb-base-20170116:1.10 bouyer-socketcan:1.10.0.28 
bouyer-socketcan-base:1.10 pgoyette-localcount-20170107:1.10 netbsd-7-1-RC1:1.10 pgoyette-localcount-20161104:1.10 netbsd-7-0-2-RELEASE:1.10 localcount-20160914:1.10 netbsd-7-nhusb:1.10.0.26 netbsd-7-nhusb-base:1.10 pgoyette-localcount-20160806:1.10 pgoyette-localcount-20160726:1.10 pgoyette-localcount:1.10.0.24 pgoyette-localcount-base:1.10 netbsd-7-0-1-RELEASE:1.10 netbsd-7-0:1.10.0.22 netbsd-7-0-RELEASE:1.10 netbsd-7-0-RC3:1.10 netbsd-7-0-RC2:1.10 netbsd-7-0-RC1:1.10 netbsd-5-2-3-RELEASE:1.7 netbsd-5-1-5-RELEASE:1.7 netbsd-6-0-6-RELEASE:1.10 netbsd-6-1-5-RELEASE:1.10 netbsd-7:1.10.0.20 netbsd-7-base:1.10 yamt-pagecache-base9:1.10 yamt-pagecache-tag8:1.9.8.1 netbsd-6-1-4-RELEASE:1.10 netbsd-6-0-5-RELEASE:1.10 tls-earlyentropy:1.10.0.18 tls-earlyentropy-base:1.10 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.10 riastradh-drm2-base3:1.10 netbsd-6-1-3-RELEASE:1.10 netbsd-6-0-4-RELEASE:1.10 netbsd-5-2-2-RELEASE:1.7 netbsd-5-1-4-RELEASE:1.7 netbsd-6-1-2-RELEASE:1.10 netbsd-6-0-3-RELEASE:1.10 netbsd-5-2-1-RELEASE:1.7 netbsd-5-1-3-RELEASE:1.7 netbsd-6-1-1-RELEASE:1.10 riastradh-drm2-base2:1.10 riastradh-drm2-base1:1.10 riastradh-drm2:1.10.0.10 riastradh-drm2-base:1.10 netbsd-6-1:1.10.0.16 netbsd-6-0-2-RELEASE:1.10 netbsd-6-1-RELEASE:1.10 khorben-n900:1.10.0.14 netbsd-6-1-RC4:1.10 netbsd-6-1-RC3:1.10 agc-symver:1.10.0.12 agc-symver-base:1.10 netbsd-6-1-RC2:1.10 netbsd-6-1-RC1:1.10 yamt-pagecache-base8:1.10 netbsd-5-2:1.7.0.30 netbsd-6-0-1-RELEASE:1.10 yamt-pagecache-base7:1.10 netbsd-5-2-RELEASE:1.7 netbsd-5-2-RC1:1.7 matt-nb6-plus-nbase:1.10 yamt-pagecache-base6:1.10 netbsd-6-0:1.10.0.8 netbsd-6-0-RELEASE:1.10 netbsd-6-0-RC2:1.10 tls-maxphys:1.10.0.6 tls-maxphys-base:1.10 matt-nb6-plus:1.10.0.4 matt-nb6-plus-base:1.10 netbsd-6-0-RC1:1.10 yamt-pagecache-base5:1.10 yamt-pagecache-base4:1.10 netbsd-6:1.10.0.2 netbsd-6-base:1.10 netbsd-5-1-2-RELEASE:1.7 netbsd-5-1-1-RELEASE:1.7 yamt-pagecache-base3:1.9 yamt-pagecache-base2:1.9 yamt-pagecache:1.9.0.8 yamt-pagecache-base:1.9 
cherry-xenmp:1.9.0.6 cherry-xenmp-base:1.9 bouyer-quota2-nbase:1.9 bouyer-quota2:1.9.0.4 bouyer-quota2-base:1.9 matt-mips64-premerge-20101231:1.9 matt-nb5-mips64-premerge-20101231:1.7 matt-nb5-pq3:1.7.0.28 matt-nb5-pq3-base:1.7 netbsd-5-1:1.7.0.26 netbsd-5-1-RELEASE:1.7 netbsd-5-1-RC4:1.7 matt-nb5-mips64-k15:1.7 netbsd-5-1-RC3:1.7 netbsd-5-1-RC2:1.7 netbsd-5-1-RC1:1.7 netbsd-5-0-2-RELEASE:1.7 matt-nb5-mips64-premerge-20091211:1.7 matt-premerge-20091211:1.9 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.7 matt-nb4-mips64-k7-u2a-k9b:1.7 matt-nb5-mips64-u1-k1-k5:1.7 matt-nb5-mips64:1.7.0.24 netbsd-5-0-1-RELEASE:1.7 jym-xensuspend-nbase:1.9 netbsd-5-0:1.7.0.22 netbsd-5-0-RELEASE:1.7 netbsd-5-0-RC4:1.7 netbsd-5-0-RC3:1.7 netbsd-5-0-RC2:1.7 jym-xensuspend:1.9.0.2 jym-xensuspend-base:1.9 netbsd-5-0-RC1:1.7 mjf-devfs2-base2:1.9 netbsd-5:1.7.0.20 netbsd-5-base:1.7 matt-mips64-base2:1.7 matt-mips64:1.7.0.18 netbsd-4-0-1-RELEASE:1.6 wrstuden-revivesa-base-3:1.7 wrstuden-revivesa-base-2:1.7 wrstuden-fixsa-newbase:1.6 wrstuden-revivesa-base-1:1.7 yamt-pf42-base4:1.7 yamt-pf42-base3:1.7 hpcarm-cleanup-nbase:1.7 yamt-pf42-baseX:1.7 yamt-pf42-base2:1.7 wrstuden-revivesa:1.7.0.16 wrstuden-revivesa-base:1.7 yamt-pf42:1.7.0.14 yamt-pf42-base:1.7 mjf-devfs2:1.7.0.12 mjf-devfs2-base:1.7 keiichi-mipv6:1.7.0.10 keiichi-mipv6-base:1.7 mjf-devfs:1.7.0.8 mjf-devfs-base:1.7 matt-armv6-nbase:1.7 matt-armv6-prevmlocking:1.7 wrstuden-fixsa-base-1:1.6 netbsd-4-0:1.6.0.8 netbsd-4-0-RELEASE:1.6 cube-autoconf:1.7.0.6 cube-autoconf-base:1.7 netbsd-4-0-RC5:1.6 netbsd-4-0-RC4:1.6 netbsd-4-0-RC3:1.6 netbsd-4-0-RC2:1.6 netbsd-4-0-RC1:1.6 matt-armv6:1.7.0.4 matt-armv6-base:1.7 matt-mips64-base:1.7 hpcarm-cleanup:1.7.0.2 hpcarm-cleanup-base:1.7 netbsd-3-1-1-RELEASE:1.3.2.3 netbsd-3-0-3-RELEASE:1.3.2.3 wrstuden-fixsa:1.6.0.6 wrstuden-fixsa-base:1.6 abandoned-netbsd-4-base:1.6 abandoned-netbsd-4:1.6.0.2 netbsd-3-1:1.3.2.3.0.4 netbsd-3-1-RELEASE:1.3.2.3 netbsd-3-0-2-RELEASE:1.3.2.3 netbsd-3-1-RC4:1.3.2.3 
netbsd-3-1-RC3:1.3.2.3 netbsd-3-1-RC2:1.3.2.3 netbsd-3-1-RC1:1.3.2.3 netbsd-4:1.6.0.4 netbsd-4-base:1.6 netbsd-3-0-1-RELEASE:1.3.2.3 netbsd-3-0:1.3.2.3.0.2 netbsd-3-0-RELEASE:1.3.2.3 netbsd-3-0-RC6:1.3.2.3 netbsd-3-0-RC5:1.3.2.3 netbsd-3-0-RC4:1.3.2.3 netbsd-3-0-RC3:1.3.2.3 netbsd-3-0-RC2:1.3.2.3 netbsd-3-0-RC1:1.3.2.3 netbsd-3:1.3.0.2 netbsd-3-base:1.3; locks; strict; comment @# @; 1.14 date 2020.09.08.12.52.18; author martin; state Exp; branches; next 1.13; commitid IL2vGNw0FVFgcfnC; 1.13 date 2020.07.22.16.50.41; author martin; state Exp; branches; next 1.12; commitid ZlFyZCKhX3U036hC; 1.12 date 2020.07.04.06.24.53; author skrll; state Exp; branches; next 1.11; commitid hRPK9EPvuxkZaJeC; 1.11 date 2018.06.29.12.34.15; author roy; state Exp; branches; next 1.10; commitid a5lysYzZe7XAQaIA; 1.10 date 2011.11.21.20.56.21; author darcy; state Exp; branches 1.10.40.1 1.10.42.1; next 1.9; 1.9 date 2008.11.22.20.23.33; author tsutsui; state Exp; branches 1.9.8.1; next 1.8; 1.8 date 2008.11.12.12.35.52; author ad; state Exp; branches; next 1.7; 1.7 date 2007.04.06.14.20.18; author apb; state Exp; branches 1.7.12.1; next 1.6; 1.6 date 2005.08.23.12.12.56; author peter; state Exp; branches; next 1.5; 1.5 date 2005.08.10.13.52.05; author peter; state Exp; branches; next 1.4; 1.4 date 2005.08.07.01.03.39; author peter; state Exp; branches; next 1.3; 1.3 date 2005.03.15.18.22.03; author peter; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2004.08.13.18.08.03; author mycroft; state Exp; branches; next 1.1; 1.1 date 2004.06.29.04.48.28; author itojun; state Exp; branches; next ; 1.10.40.1 date 2018.07.28.04.33.03; author pgoyette; state Exp; branches; next ; commitid 1UP1xAIUxv1ZgRLA; 1.10.42.1 date 2019.06.10.21.42.45; author christos; state Exp; branches; next ; commitid jtc8rnCzWiEEHGqB; 1.9.8.1 date 2012.04.17.00.02.59; author yamt; state Exp; branches; next ; 1.7.12.1 date 2009.01.17.20.43.44; author mjf; state Exp; branches; next ; 1.3.2.1 date 2005.08.15.19.02.49; 
author tron; state Exp; branches; next 1.3.2.2; 1.3.2.2 date 2005.09.02.12.19.27; author tron; state Exp; branches; next 1.3.2.3; 1.3.2.3 date 2005.09.02.12.29.37; author tron; state Exp; branches; next ; desc @@ 1.14 log @Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision on case insensitive file systems @ text @#!/bin/sh # # $NetBSD: pf,v 1.13 2020/07/22 16:50:41 martin Exp $ # # PROVIDE: pf # REQUIRE: root bootconf CRITLOCALMOUNTED tty network dhcpcd # BEFORE: NETWORKING $_rc_subr_loaded . /etc/rc.subr name="pf" rcvar=$name start_precmd="pf_prestart" start_cmd="pf_start" stop_cmd="pf_stop" reload_cmd="pf_reload" status_cmd="pf_status" extra_commands="reload status" pf_prestart() { if [ ! -f ${pf_rules} ]; then warn "${pf_rules} not readable; pf start aborted." stop_boot return 1 fi return 0 } pf_start() { echo "Enabling pf firewall." # The pf_boot script has enabled pf already. if [ "$autoboot" != yes ]; then /sbin/pfctl -q ${pf_flags} -e fi if [ -f ${pf_rules} ]; then /sbin/pfctl -q ${pf_flags} -f ${pf_rules} else warn "${pf_rules} not found; no pf rules loaded." fi } pf_stop() { echo "Disabling pf firewall." /sbin/pfctl -q ${pf_flags} -Fa -d } pf_reload() { echo "Reloading pf rules." if [ -f ${pf_rules} ]; then /sbin/pfctl -q ${pf_flags} -f ${pf_rules} else warn "${pf_rules} not found; no pf rules loaded." fi } pf_status() { /sbin/pfctl ${pf_flags} -s info } load_rc_config $name run_rc_command "$1" @ 1.13 log @Split the local disk availability step into two phases to allow scripts that pre-populate parts of the system (e.g. a tmpfs based /var) an easy place to plug in like: # REQUIRE: mountcritlocal # BEFORE: MOUNTCRITLOCAL This also cleans up the existing special handling a bit by separating it into new scripts. All later scripts now depend on MOUNTCRITLOCAL. Discussed on tech-userlevel some time ago. 
@ text @d3 1 a3 1 # $NetBSD: pf,v 1.12 2020/07/04 06:24:53 skrll Exp $ d7 1 a7 1 # REQUIRE: root bootconf MOUNTCRITLOCAL tty network dhcpcd @ 1.12 log @Trailing whitespace @ text @d3 1 a3 1 # $NetBSD: pf,v 1.11 2018/06/29 12:34:15 roy Exp $ d7 1 a7 1 # REQUIRE: root bootconf mountcritlocal tty network dhcpcd @ 1.11 log @Remove dhclient from the base system. Discussed here: https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html @ text @d3 1 a3 1 # $NetBSD: pf,v 1.10 2011/11/21 20:56:21 darcy Exp $ d38 1 a38 1 /sbin/pfctl -q ${pf_flags} -e @ 1.10 log @Allow pf flags to be specified in rc.conf. Add default to defaults/rc.d as suggested by lukem@@ @ text @d3 1 a3 1 # $NetBSD: pf,v 1.9 2008/11/22 20:23:33 tsutsui Exp $ d7 1 a7 1 # REQUIRE: root bootconf mountcritlocal tty network dhclient @ 1.10.42.1 log @Sync with HEAD @ text @d3 1 a3 1 # $NetBSD: pf,v 1.11 2018/06/29 12:34:15 roy Exp $ d7 1 a7 1 # REQUIRE: root bootconf mountcritlocal tty network dhcpcd @ 1.10.40.1 log @Sync with HEAD @ text @d3 1 a3 1 # $NetBSD: pf,v 1.11 2018/06/29 12:34:15 roy Exp $ d7 1 a7 1 # REQUIRE: root bootconf mountcritlocal tty network dhcpcd @ 1.9 log @Add "bootconf" to REQUIRE: lines which had beforenetlkm since removed beforenetlkm required bootconf. @ text @d3 1 a3 1 # $NetBSD: pf,v 1.8 2008/11/12 12:35:52 ad Exp $ d38 1 a38 1 /sbin/pfctl -q -e d42 1 a42 1 /sbin/pfctl -q -f ${pf_rules} d51 1 a51 1 /sbin/pfctl -q -Fa -d d58 1 a58 1 /sbin/pfctl -q -f ${pf_rules} d66 1 a66 1 /sbin/pfctl -s info @ 1.9.8.1 log @sync with head @ text @d3 1 a3 1 # $NetBSD: pf,v 1.9 2008/11/22 20:23:33 tsutsui Exp $ d38 1 a38 1 /sbin/pfctl -q ${pf_flags} -e d42 1 a42 1 /sbin/pfctl -q ${pf_flags} -f ${pf_rules} d51 1 a51 1 /sbin/pfctl -q ${pf_flags} -Fa -d d58 1 a58 1 /sbin/pfctl -q ${pf_flags} -f ${pf_rules} d66 1 a66 1 /sbin/pfctl ${pf_flags} -s info @ 1.8 log @Remove LKMs and switch to the module framework, pass 1. Proposed on tech-kern@@. 
@ text @d3 1 a3 1 # $NetBSD: pf,v 1.7 2007/04/06 14:20:18 apb Exp $ d7 1 a7 1 # REQUIRE: root mountcritlocal tty network dhclient @ 1.7 log @* Add a stop_boot() function in rc.subr, to terminate a multi-user boot by killing the parent process. The parent's PID is saved in $RC_PID. * In all rc.d/* scripts that previously tried to stop the boot, replace in-line code with "stop_boot". * Document this. This should fix PR 29822. @ text @d3 1 a3 1 # $NetBSD: pf,v 1.6 2005/08/23 12:12:56 peter Exp $ d7 1 a7 1 # REQUIRE: root beforenetlkm mountcritlocal tty network dhclient @ 1.7.12.1 log @Sync with HEAD. @ text @d3 1 a3 1 # $NetBSD$ d7 1 a7 1 # REQUIRE: root bootconf mountcritlocal tty network dhclient @ 1.6 log @pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g "... from any to fxp0"). This however, creates window for possible attacks from the network. Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD. No objections on: tech-security @ text @d3 1 a3 1 # $NetBSD: pf,v 1.5 2005/08/10 13:52:05 peter Exp $ d26 1 a26 7 # If booting directly to multiuser, send SIGTERM to # the parent (/etc/rc) to abort the boot if [ "$autoboot" = yes ]; then echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" kill -TERM $$ exit 1 fi @ 1.5 log @Changes suggested by lukem: 1. Order pf to start before the network is configured. 2. If the pf_rules cannot be found at boot time, abort the boot (from the ipfilter script). @ text @d3 1 a3 1 # $NetBSD: pf,v 1.4 2005/08/07 01:03:39 peter Exp $ d7 2 a8 2 # REQUIRE: root beforenetlkm mountcritlocal tty # BEFORE: network d41 6 a46 1 /sbin/pfctl -q -e @ 1.4 log @Allow to change the location of the pf ruleset with the variable $pf_rules. 
@ text @d3 1 a3 1 # $NetBSD: pf,v 1.3 2005/03/15 18:22:03 peter Exp $ d7 2 a8 2 # REQUIRE: NETWORKING # BEFORE: SERVERS d14 1 d21 17 @ 1.3 log @Do a "flush all" when disabling pf. This also changes the restart case to do a "flush all", while the reload case will only reload the rules without flushing anything. Suggested by Miles Nordin. @ text @d3 1 a3 1 # $NetBSD: pf,v 1.2 2004/08/13 18:08:03 mycroft Exp $ d24 2 a25 2 if [ -f /etc/pf.conf ]; then /sbin/pfctl -q -f /etc/pf.conf d27 1 a27 1 warn "pf.conf not found; no pf rules loaded." d40 2 a41 2 if [ -f /etc/pf.conf ]; then /sbin/pfctl -q -f /etc/pf.conf d43 1 a43 1 warn "pf.conf not found; no pf rules loaded." @ 1.3.2.1 log @Pull up revision 1.4 (requested by peter in ticket #660): Allow to change the location of the pf ruleset with the variable $pf_rules. @ text @d3 1 a3 1 # $NetBSD$ d24 2 a25 2 if [ -f ${pf_rules} ]; then /sbin/pfctl -q -f ${pf_rules} d27 1 a27 1 warn "${pf_rules} not found; no pf rules loaded." d40 2 a41 2 if [ -f ${pf_rules} ]; then /sbin/pfctl -q -f ${pf_rules} d43 1 a43 1 warn "${pf_rules} not found; no pf rules loaded." @ 1.3.2.2 log @Pull up following revision(s) (requested by peter in ticket #717): etc/rc.d/pf: revision 1.5 Changes suggested by lukem: 1. Order pf to start before the network is configured. 2. If the pf_rules cannot be found at boot time, abort the boot (from the ipfilter script). @ text @d7 2 a8 2 # REQUIRE: root beforenetlkm mountcritlocal tty # BEFORE: network a13 1 start_precmd="pf_prestart" a19 17 pf_prestart() { if [ ! -f ${pf_rules} ]; then warn "${pf_rules} not readable; pf start aborted." # If booting directly to multiuser, send SIGTERM to # the parent (/etc/rc) to abort the boot if [ "$autoboot" = yes ]; then echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" 
kill -TERM $$ exit 1 fi return 1 fi return 0 } @ 1.3.2.3 log @Pull up following revision(s) (requested by peter in ticket #717): usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1 usr.sbin/postinstall/postinstall: revision 1.4 etc/rc.d/pf: revision 1.6 etc/rc.d/pf_boot: revision 1.1 usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1 usr.sbin/pf/Makefile: revision 1.7 etc/rc.d/Makefile: revision 1.52 etc/mtree/special: revision 1.89 usr.sbin/pf/man/man5/Makefile: revision 1.5 usr.sbin/pf/etc/defaults/Makefile: revision 1.1 pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g "... from any to fxp0"). This however, creates window for possible attacks from the network. Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD. No objections on: tech-security @ text @d7 2 a8 2 # REQUIRE: root beforenetlkm mountcritlocal tty network dhclient # BEFORE: NETWORKING d41 1 a41 6 # The pf_boot script has enabled pf already. if [ "$autoboot" != yes ]; then /sbin/pfctl -q -e fi @ 1.2 log @Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this for a speedup by doing: $_rc_subr_loaded . /etc/rc.subr @ text @d3 1 a3 1 # $NetBSD: pf,v 1.1 2004/06/29 04:48:28 itojun Exp $ d34 1 a34 1 /sbin/pfctl -q -d @ 1.1 log @rc.d fragment for PF. Peter Postma @ text @d3 1 a3 1 # $NetBSD$ d10 1 a10 1 . /etc/rc.subr @
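Review bot: The guard `if [ ! -f ${pf_rules} ]` that the 1.3.2.2 delta adds in pf_prestart expands pf_rules unquoted, so an empty value collapses the test to `[ ! -f ]`, which is false, and the boot-abort path is skipped instead of taken; a value containing whitespace is split into several words and the test no longer checks the file. Quoting fixes both cases: `if [ ! -f "${pf_rules}" ]; then`. The same unquoted expansion appears in the pf_start and pf_reload lines of the 1.3.2.1 delta (`[ -f ${pf_rules} ]`, `/sbin/pfctl -q -f ${pf_rules}`) and is still present in the 1.14 head text, where `${pf_flags}` is presumably left unquoted on purpose so that it splits into separate options. The warning text says "not readable" while `-f` only checks that a regular file exists, so `-r` would match the message if readability is what is meant.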