=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/etc/rc,v retrieving revision 1.317 retrieving revision 1.318 diff -c -r1.317 -r1.318 *** src/etc/rc 2008/06/15 04:49:34 1.317 --- src/etc/rc 2008/07/09 20:23:47 1.318 *************** *** 1,4 **** ! # $OpenBSD: rc,v 1.317 2008/06/15 04:49:34 sturm Exp $ # System startup script run by init on autoboot # or after single-user. --- 1,4 ---- ! # $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $ # System startup script run by init on autoboot # or after single-user. *************** *** 116,121 **** --- 116,149 ---- fi } + fill_baddynamic() + { + local _service="$1" + local _sysctl="net.inet.${_service}.baddynamic" + local _name _port _srv _junk _ban + local _i=0 + grep "/${_service}" /etc/services | { + IFS=" /" + while read _name _port _srv _junk; do + [ "x${_srv}" = "x${_service}" ] || continue; + if [ "x${_ban}" = "x" ]; then + _ban="+${_port}" + else + _ban="${_ban},+${_port}" + fi + # Flush before argv gets too long + if [ $((++_i)) -gt 128 ]; then + sysctl ${_sysctl}=${_ban} >/dev/null + _ban="" + _i=0 + fi + done; + if [ "x${_ban}" != "x" ]; then + sysctl ${_sysctl}=${_ban} >/dev/null + fi + } + } + # End subroutines stty status '^T' *************** *** 252,257 **** --- 280,289 ---- echo $RULES | pfctl -f - pfctl -e fi + + # Fill net.inet.(tcp|udp).baddynamic lists from /etc/services + fill_baddynamic udp + fill_baddynamic tcp sysctl_conf
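Review bot: In fill_baddynamic, the `while read _name _port _srv _junk` loop accepts every line grep matched, so a commented-out entry such as `#name 123/tcp` appears to pass the `_srv` comparison, and `_port` reaches the unquoted `sysctl ${_sysctl}=${_ban}` argument without a check that it is a number. Skipping such lines before the `_ban` append would keep the reserved-port list limited to active, well-formed entries: `case "${_name}" in \#*) continue;; esac` and `case "${_port}" in ''|*[!0-9]*) continue;; esac`. `IFS` is also assigned for the whole `{ … }` group rather than on the `read` itself, so the rest of rc keeps its normal field splitting only if the group runs in a subshell of the pipeline. The sysctl exit status is not checked, so a rejected batch leaves those ports available for dynamic allocation with at most sysctl's own stderr message as a trace.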
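Review bot: The comment above the two `fill_baddynamic` calls does not say that their position before `sysctl_conf` matters. If `sysctl_conf` applies the administrator's sysctl settings, as its name suggests (its body is outside this hunk), a plain `net.inet.tcp.baddynamic=` list set there would presumably replace the list built from /etc/services rather than extend it. I would extend the comment to something like `# Must run before sysctl_conf so local settings can adjust the lists`. The return status of both calls is also ignored here.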