===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/etc/rc,v
retrieving revision 1.510
retrieving revision 1.511
diff -u -r1.510 -r1.511
--- src/etc/rc	2017/07/17 18:37:42	1.510
+++ src/etc/rc	2017/07/17 18:52:26	1.511
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.510 2017/07/17 18:37:42 rpe Exp $
+# $OpenBSD: rc,v 1.511 2017/07/17 18:52:26 rpe Exp $
 
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
@@ -399,14 +399,14 @@
 
 # Set initial temporary pf rule set.
 if [[ $pf != NO ]]; then
-	RULES='
+	RULES="
 	block all
 	pass on lo0
 	pass in proto tcp from any to any port ssh keep state
 	pass out proto { tcp, udp } from any to any port domain keep state
 	pass out inet proto icmp all icmp-type echoreq keep state
 	pass out inet proto udp from any port bootpc to any port bootps
-	pass in inet proto udp from any port bootps to any port bootpc'
+	pass in inet proto udp from any port bootps to any port bootpc"
 
 	if ifconfig lo0 inet6 >/dev/null 2>&1; then
 		RULES="$RULES
@@ -422,13 +422,14 @@
 	pass in proto carp keep state (no-sync)
 	pass out proto carp !received-on any keep state (no-sync)"
 
-	# Don't kill NFS.
 	if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then
+		# Don't kill NFS.
 		RULES="set reassemble yes no-df
 		$RULES
 		pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any
 		pass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any"
 	fi
+
 	print -- "$RULES" | pfctl -f -
 	pfctl -e
 fi
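Review bot: Switching the initial rule set from single to double quotes in the second hunk makes the whole block subject to parameter and command substitution before it reaches pfctl; the text as written contains no `$`, backtick or backslash, so the rules loaded are unchanged, but a later edit that adds a pf macro (`$name` syntax) would now be expanded by the shell to an empty string and the rule set silently loaded without it. A one-line comment above the assignment would keep that visible, e.g. `# RULES is double-quoted: the shell expands $... here, so pf macros must be escaped or avoided.` The `if [[ $pf != NO ]]` block enclosing these lines starts in the second hunk and ends in the third, where the `RULES="$RULES …"` appends and the `print -- "$RULES" | pfctl -f -` load are the only consumers visible; the `--` there is correct and should stay, since a rule set beginning with `-` would otherwise be taken as a print option.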