1 files changed, 16 insertions, 0 deletions

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 40e621a..23903c4 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -55,6 +55,22 @@ natd_program="/sbin/natd"	# path to natd, if you want a different one.
 natd_enable="NO"                # Enable natd (if firewall_enable == YES).
 natd_interface="fxp0"           # Public interface or IPaddress to use.
 natd_flags=""                   # Additional flags for natd.
+ipfilter_enable="NO"		# Set to YES to enable ipfilter functionality
+ipfilter_program="/sbin/ipf -Fa -f"
+				# program and how to specify the rules file,
+				# see /etc/rc.network (pass1) for details
+ipfilter_rules="/etc/ipf.rules"	# rules definition file for ipfilter, see
+				# /usr/src/contrib/ipfilter/rules for examples
+ipfilter_flags="-E"		# should be *empty* when ipf is _not_ a module
+				# (i.e. compiled into the kernel) to
+				# avoid a warning about "already initialized"
+ipnat_enable="NO"		# Set to YES for ipnat; needs ipfilter, too!
+ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file
+ipnat_rules="/etc/ipnat.rules"	# rules definition file for ipnat
+ipnat_flags=""			# additional flags for ipnat
+ipmon_enable="NO"		# Set to YES for ipmon; needs ipfilter, too!
+ipmon_program="/sbin/ipmon"	# where the ipfilter monitor program lives
+ipmon_flags="-Ds"		# typically "-Ds" or "-D /var/log/ipflog"
 tcp_extensions="NO"		# Set to YES to turn on RFC1323 extensions.
 log_in_vain="NO"		# YES to log connects to ports w/o listeners.
 tcp_keepalive="YES"		# Enable stale TCP connection timeout (or NO).