From 91c2da749d58f0c1dd88ce4e1198dc3fdc8cd867 Mon Sep 17 00:00:00 2001
From: mcbride <>
Date: Mon, 22 Mar 2004 04:34:42 +0000
Subject: [PATCH] Pass pfsync and carp traffic in the boot-time pf configuration. Bring carp interfaces down at shutdown, to make a graceful exit if we're master. ok deraadt@
---
 src/etc/rc | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/etc/rc b/src/etc/rc
index 45a7449c..c79d89b2 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.239 2004/03/05 23:54:47 henning Exp $
+# $OpenBSD: rc,v 1.240 2004/03/22 04:34:42 mcbride Exp $
 # System startup script run by init on autoboot
 # or after single-user.
 
@@ -45,6 +45,15 @@ if [ $1x = shutdownx ]; then
 if [ "X${powerdown}" = X"YES" ]; then
 exit 2
 fi
+
+ # bring carp interfaces down gracefully
+ for hn in /etc/hostname.carp[0-9]*; do
+ # Strip off /etc/hostname. prefix
+ if=${hn#/etc/hostname.}
+ test "$if" = "*" && continue
+
+ ifconfig $if down
+ done
 else
 echo single user: not running /etc/rc.shutdown
 fi
@@ -124,6 +133,7 @@ if [ "X${pf}" != X"NO" ]; then
 RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
 RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state"
 RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
+ RULES="$RULES\npass proto { pfsync, carp }"
 case `sysctl vfs.mounts.nfs 2>/dev/null` in
 *[1-9]*)
 # don't kill NFS
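Review bot: In the shutdown hunk, the no-match guard `test "$if" = "*" && continue` can never fire. When no `/etc/hostname.carp[0-9]*` file exists, the unexpanded pattern is left in `hn`, and stripping the prefix yields `carp[0-9]*`, not `*`. The loop then runs `ifconfig carp[0-9]* down` on a host with no carp interfaces. Testing the file instead, `[ -f "$hn" ] || continue`, covers that case. The expansion should also be quoted, `ifconfig "$if" down`, so that an unexpected file name under the glob (a backup copy, say) reaches ifconfig as one argument. The enclosing `if [ $1x = shutdownx ]` block starts and ends outside the hunk.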
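Review bot: The added rule `pass proto { pfsync, carp }` in the pf hunk names no interface and no direction, so while the boot-time ruleset is active both protocols are accepted on every interface. pfsync has no authentication of its own and is normally confined to a dedicated sync link. The boot script presumably cannot know which interface that is, which would explain the broad rule, but nothing on the line says so. I would add a comment above it, e.g. `# pfsync/carp pass on all interfaces here; pf.conf is expected to narrow this once loaded`, so that the exposure window is a documented decision. The surrounding `if [ "X${pf}" != X"NO" ]` block continues outside the hunk, so how and when `RULES` is loaded is not visible here.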