On Tue, 26 Dec 2006, Darren Reed wrote:

> If there were to be a script that took over the role of enabling ipfilter
> in netbsd at bootup, which file(s) should it use and how?
> 
> Should it, for example, modify /etc/rc.conf?
> 
> If it were to do this, should it create an /etc/rc.conf.lock to ensure
> that only one program is updating that file or not bother?
> 
> Or should it modify files in /etc/rc.conf.d/?
> Should it use .lock on files to serialise access ?
> And how do settings in files there gel with /etc/rc.d?
> Will it be intuitive for people to glance at rc.conf, see
> ipfilter is enabled, but know that it is really disabled
> because of a setting in /etc/rc.conf.d/ipfilter ?

/etc/rc.conf.d/ipfilter is correct to me. It is loaded after /etc/rc.conf.

The correct way to see the setting(s) is to run "/etc/rc.d/ipfilter 
rcvar".

As for locking that rc.d/ipfilter specific config, I wouldn't bother.