From 2a981852c1552a0f6393141c27c5c473b61da5b8 Mon Sep 17 00:00:00 2001
From: krw <>
Date: Thu, 22 Jan 2015 19:00:24 +0000
Subject: [PATCH] Use /etc/services names in all the default pf rules (most already did). This allows any local changes to /etc/services to be effective if all you have is the default. Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks! ok phessler@ deraadt@
---
 src/etc/rc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/etc/rc b/src/etc/rc
index fb1acc71..2ba0640c 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.446 2014/12/03 20:13:49 florian Exp $
+# $OpenBSD: rc,v 1.447 2015/01/22 19:00:24 krw Exp $
 # System startup script run by init on autoboot
 # or after single-user.
@@ -318,8 +318,8 @@ wsconsctl_conf
 if [ X"${pf}" != X"NO" ]; then
 RULES="block all"
 RULES="$RULES\npass on lo0"
- RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
- RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state"
+ RULES="$RULES\npass in proto tcp from any to any port ssh keep state"
+ RULES="$RULES\npass out proto { tcp, udp } from any to any port domain keep state"
 RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
 RULES="$RULES\npass out inet proto udp from any port bootpc to any port bootps"
 RULES="$RULES\npass in inet proto udp from any port bootps to any port bootpc"
@@ -337,8 +337,8 @@ if [ X"${pf}" != X"NO" ]; then
 *[1-9]*)
 # don't kill NFS
 RULES="set reassemble yes no-df\n$RULES"
- RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any"
- RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 } !received-on any"
+ RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any"
+ RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any"
 ;;
 esac
 echo $RULES | pfctl -f -
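Review bot: The new `port ssh` and `port domain` lines in the second hunk (and the `{ sunrpc, nfsd }` lines in the third) make parsing of the boot-time default ruleset depend on /etc/services lookups, but the `echo $RULES | pfctl -f -` line closing the third hunk still ignores pfctl's exit status, so an unresolvable name now silently rejects the whole ruleset where the numeric form could not fail. When that happens the script carries on with whatever ruleset pf currently holds, which at this point in boot is presumably none, and pf is enabled afterwards outside the hunk. At minimum the failure should reach the console, e.g. `echo $RULES | pfctl -f - || echo "pfctl: default ruleset not loaded" >&2`, and whether pf should still be enabled with no rules loaded deserves an explicit decision rather than the current fall-through. A short comment above the first rule, such as `# port names resolve via /etc/services; an unknown name makes pfctl reject the entire ruleset`, would record the new dependency for whoever trims that file. The enclosing `if [ X"${pf}" != X"NO" ]` block ends outside both hunks.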