From 1f2252a38780712ab7e1aaddc20808f99c924813 Mon Sep 17 00:00:00 2001
From: rpe <>
Date: Mon, 17 Jul 2017 18:52:26 +0000
Subject: [PATCH] Tweak previous.

---
 src/etc/rc | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/etc/rc b/src/etc/rc
index b417c193..94820fab 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.510 2017/07/17 18:37:42 rpe Exp $
+#	$OpenBSD: rc,v 1.511 2017/07/17 18:52:26 rpe Exp $
 
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
@@ -399,14 +399,14 @@ wsconsctl_conf
 
 # Set initial temporary pf rule set.
 if [[ $pf != NO ]]; then
-	RULES='
+	RULES="
 	block all
 	pass on lo0
 	pass in proto tcp from any to any port ssh keep state
 	pass out proto { tcp, udp } from any to any port domain keep state
 	pass out inet proto icmp all icmp-type echoreq keep state
 	pass out inet proto udp from any port bootpc to any port bootps
-	pass in inet proto udp from any port bootps to any port bootpc'
+	pass in inet proto udp from any port bootps to any port bootpc"
 
 	if ifconfig lo0 inet6 >/dev/null 2>&1; then
 		RULES="$RULES
@@ -422,13 +422,14 @@ if [[ $pf != NO ]]; then
 	pass in proto carp keep state (no-sync)
 	pass out proto carp !received-on any keep state (no-sync)"
 
-	# Don't kill NFS.
 	if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then
+		# Don't kill NFS.
 		RULES="set reassemble yes no-df
 		$RULES
 		pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any
 		pass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any"
 	fi
+
 	print -- "$RULES" | pfctl -f -
 	pfctl -e
 fi