--- etc.new/defaults/rc.conf 2008-11-12 08:27:20.000000000 -0800
+++ etc.new/defaults/rc.conf 2009-01-14 09:46:23.000000000 -0800
@@ -152,6 +152,7 @@
 ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
 # /usr/src/contrib/ipfilter/rules for examples
 ipfilter_flags="" # additional flags for ipfilter
+ipfilter_variables="" # for -T, see ipf(8)
 ipnat_enable="NO" # Set to YES to enable ipnat functionality
 ipnat_program="/sbin/ipnat" # where the ipnat program lives
 ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
--- etc.new/rc.d/ipfilter 2008-01-27 23:55:44.000000000 -0800
+++ etc.new/rc.d/ipfilter 2009-01-14 09:43:34.000000000 -0800
@@ -30,6 +30,14 @@
 ipfilter_start()
 {
 echo "Enabling ipfilter."
+ if [ ! -z "${ipfilter_variables}" ]; then
+ # Can set ipfilter variables only when it is disabled,
+ # which flushes filter and nat rules
+ if [ `sysctl -n net.inet.ipf.fr_running` -gt 0 ]; then
+ ${ipfilter_program:-/sbin/ipf} -D
+ fi
+ ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_variables}"
+ fi
 if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
 ${ipfilter_program:-/sbin/ipf} -E
 fi
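Review bot: The comment on the new `ipfilter_variables` default in rc.conf does not tell the operator that setting it changes what start does. According to the comment added in the rc.d/ipfilter hunk, a non-empty value makes the script disable a running ipfilter first, which flushes filter and NAT rules. I would spell that out where the knob is documented, e.g. `ipfilter_variables=""	# variables for ipf -T, see ipf(8); if set, start disables ipfilter first (flushes filter and NAT rules)`.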
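Review bot: The exit status of `ipf -T` in the added block of ipfilter_start is never checked, so a misspelled entry in `ipfilter_variables` leaves the tunables unset while start-up carries on silently, after `-D` has already flushed the filter and NAT rules. Report the failure, e.g. `${ipfilter_program:-/sbin/ipf} -T "${ipfilter_variables}" || echo "ipfilter: could not set variables '${ipfilter_variables}'" >&2`. The `-D` path also leaves a running host unfiltered until the following `-E` and whatever rule loading happens later in the function, which continues outside this hunk. The existing comment should say that, and should note that NAT rules presumably have to be reloaded by a separate step.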