diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0fdce82d6c75..15b88ac40e0b 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -1,4 +1,4 @@
-#	$NetBSD: rc.conf,v 1.115 2011/09/06 21:32:29 riz Exp $
+#	$NetBSD: rc.conf,v 1.116 2011/11/21 20:56:21 darcy Exp $
 #
 # /etc/defaults/rc.conf --
 #	default configuration of /etc/rc.conf
@@ -167,7 +167,7 @@ ipnat=NO					# uses /etc/ipnat.conf
 ipfs=NO			ipfs_flags=""		# save/load ipnat and ipf states
 ipsec=NO					# uses /etc/ipsec.conf
 ipmon=NO		ipmon_flags="-Dns"	# syslog ipfilter messages
-pf=NO			pf_rules="/etc/pf.conf"
+pf=NO			pf_rules="/etc/pf.conf" pf_flags=""
 pflogd=NO
 ftp_proxy=NO
 racoon=NO					# IKE daemon
diff --git a/etc/rc.d/pf b/etc/rc.d/pf
index a17d0058abfc..850bca64b58a 100644
--- a/etc/rc.d/pf
+++ b/etc/rc.d/pf
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: pf,v 1.9 2008/11/22 20:23:33 tsutsui Exp $
+# $NetBSD: pf,v 1.10 2011/11/21 20:56:21 darcy Exp $
 #
 
 # PROVIDE: pf
@@ -35,11 +35,11 @@ pf_start()
 
 	# The pf_boot script has enabled pf already.
 	if [ "$autoboot" != yes ]; then
-		/sbin/pfctl -q -e 
+		/sbin/pfctl -q ${pf_flags} -e 
 	fi
 
 	if [ -f ${pf_rules} ]; then
-		/sbin/pfctl -q -f ${pf_rules}
+		/sbin/pfctl -q ${pf_flags} -f ${pf_rules}
 	else
 		warn "${pf_rules} not found; no pf rules loaded."
 	fi
@@ -48,14 +48,14 @@ pf_start()
 pf_stop()
 {
 	echo "Disabling pf firewall."
-	/sbin/pfctl -q -Fa -d
+	/sbin/pfctl -q ${pf_flags} -Fa -d
 }
 
 pf_reload()
 {
 	echo "Reloading pf rules."
 	if [ -f ${pf_rules} ]; then
-		/sbin/pfctl -q -f ${pf_rules}
+		/sbin/pfctl -q ${pf_flags} -f ${pf_rules}
 	else
 		warn "${pf_rules} not found; no pf rules loaded."
 	fi
@@ -63,7 +63,7 @@ pf_reload()
 
 pf_status()
 {
-	/sbin/pfctl -s info
+	/sbin/pfctl ${pf_flags} -s info
 }
 
 load_rc_config $name