=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/etc/rc,v retrieving revision 1.510 retrieving revision 1.511 diff -c -r1.510 -r1.511 *** src/etc/rc 2017/07/17 18:37:42 1.510 --- src/etc/rc 2017/07/17 18:52:26 1.511 *************** *** 1,4 **** ! # $OpenBSD: rc,v 1.510 2017/07/17 18:37:42 rpe Exp $ # System startup script run by init on autoboot or after single-user. # Output and error are redirected to console by init, and the console is the --- 1,4 ---- ! # $OpenBSD: rc,v 1.511 2017/07/17 18:52:26 rpe Exp $ # System startup script run by init on autoboot or after single-user. # Output and error are redirected to console by init, and the console is the *************** *** 399,412 **** # Set initial temporary pf rule set. if [[ $pf != NO ]]; then ! RULES=' block all pass on lo0 pass in proto tcp from any to any port ssh keep state pass out proto { tcp, udp } from any to any port domain keep state pass out inet proto icmp all icmp-type echoreq keep state pass out inet proto udp from any port bootpc to any port bootps ! pass in inet proto udp from any port bootps to any port bootpc' if ifconfig lo0 inet6 >/dev/null 2>&1; then RULES="$RULES --- 399,412 ---- # Set initial temporary pf rule set. if [[ $pf != NO ]]; then ! RULES=" block all pass on lo0 pass in proto tcp from any to any port ssh keep state pass out proto { tcp, udp } from any to any port domain keep state pass out inet proto icmp all icmp-type echoreq keep state pass out inet proto udp from any port bootpc to any port bootps ! pass in inet proto udp from any port bootps to any port bootpc" if ifconfig lo0 inet6 >/dev/null 2>&1; then RULES="$RULES *************** *** 422,434 **** pass in proto carp keep state (no-sync) pass out proto carp !received-on any keep state (no-sync)" - # Don't kill NFS. 
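Review bot: Switching the `RULES=` assignment from single to double quotes makes the ruleset text subject to `$`, backtick and backslash expansion, which the single-quoted form never was; nothing in the current rules contains such characters, so the change is behavior-neutral today, but a later rule added with a `$macro` or a backslash continuation would now be interpreted by the shell before pfctl sees it. The double-quoted form does match the `RULES="$RULES` appends that follow, which seems to be the motivation. A one-line comment above the assignment such as `# Double-quoted: keep shell-special characters out of these rules` would make the constraint explicit for the next editor. The enclosing `if [[ $pf != NO ]]` block ends outside this hunk.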
if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then RULES="set reassemble yes no-df $RULES pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any pass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" fi print -- "$RULES" | pfctl -f - pfctl -e fi --- 422,435 ---- pass in proto carp keep state (no-sync) pass out proto carp !received-on any keep state (no-sync)" if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then + # Don't kill NFS. RULES="set reassemble yes no-df $RULES pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any pass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" fi + print -- "$RULES" | pfctl -f - pfctl -e fi
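Review bot: The two pfctl invocations at the end of the hunk are still independent statements, so if `pfctl -f -` rejects the generated ruleset, `pfctl -e` runs anyway and pf is enabled without the temporary rules that are meant to restrict inbound traffic during startup; the moved `# Don't kill NFS.` comment and the added blank line do not change that. The failure is silent apart from pfctl's own stderr, which on a console boot is easy to miss. A minimal improvement is to make the failure visible, e.g. `print -- "$RULES" | pfctl -f - || print -u2 "pf: initial ruleset failed to load"`, leaving the `pfctl -e` decision to the maintainers. The enclosing `if [[ $pf != NO ]]` block starts outside this hunk.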