diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index e82da9d96291..07d86f45f9e2 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -115,6 +115,15 @@ firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO" # Set to YES to suppress rule display
 firewall_logging="NO" # Set to YES to enable events logging
 firewall_flags="" # Flags passed to ipfw when type is a file
+firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
+firewall_simple_iif="ed1" # Inside network interface for "simple"
+ # firewall.
+firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
+ # firewall.
+firewall_simple_oif="ed0" # Outside network interface for "simple"
+ # firewall.
+firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
+ # firewall.
 firewall_myservices="" # List of TCP ports on which this host
 # offers services for "workstation" firewall.
 firewall_allowservices="" # List of IPs which have access to
diff --git a/etc/rc.firewall b/etc/rc.firewall
index 980fb524ebbb..bc700d1f8b27 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -164,10 +164,13 @@ case ${firewall_type} in
 ############
 # This is a prototype setup that will protect your system somewhat
 # against people from outside your own network.
+ #
+ # Configuration:
+ # firewall_client_net: Network address of local network.
 ############
- # set these to your network
- net="192.0.2.0/24"
+ # set this to your local network
+ net="$firewall_client_net"
 # Allow limited broadcast traffic from my own net.
 ${fwcmd} add pass all from ${net} to 255.255.255.255
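Review bot: The new rc.conf defaults are placeholders (192.0.2.0/24 and its subnets are the RFC 5737 documentation range, ed0/ed1 are example interface names), and none of the added comments say so; a user who enables `firewall_type="simple"` without overriding them gets anti-spoofing rules written for addresses and interfaces that do not exist on the host. I would add one comment after the `firewall_simple_onet` line: `# The "client"/"simple" values above are examples; set them for your own network in /etc/rc.conf.` The values do match the ones previously hard-coded in rc.firewall, so the default behaviour itself is unchanged.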
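Review bot: `net="$firewall_client_net"` is used without checking that the variable is non-empty, so an rc.conf that sets `firewall_client_net=""` yields a rule like `add pass all from  to 255.255.255.255` that ipfw rejects, and if nothing stops the script on a failed ${fwcmd} (no `set -e` is visible here) the ruleset loads with those rules silently missing. The same applies to the four `firewall_simple_*` variables in the next hunk. I would check before use, e.g. `[ -n "${firewall_client_net}" ] || echo "firewall_client_net is empty; client firewall rules will be incomplete" >&2`. The comment `# set this to your local network` (and the two `# set these to your ... interface network` comments in the simple hunk) still read as instructions to edit this file; `# taken from firewall_client_net in rc.conf` says where the value now comes from. The enclosing `case ${firewall_type}` starts and ends outside the hunk.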
@@ -207,15 +210,21 @@ case ${firewall_type} in
 # This is a prototype setup for a simple firewall. Configure this
 # machine as a DNS and NTP server, and point all the machines
 # on the inside at this machine for those services.
+ #
+ # Configuration:
+ # firewall_simple_iif: Inside network interface.
+ # firewall_simple_inet: Inside network address.
+ # firewall_simple_oif: Outside network interface.
+ # firewall_simple_onet: Outside network address.
 ############
 # set these to your outside interface network
- oif="ed0"
- onet="192.0.2.0/28"
+ oif="$firewall_simple_oif"
+ onet="$firewall_simple_onet"
 # set these to your inside interface network
- iif="ed1"
- inet="192.0.2.16/28"
+ iif="$firewall_simple_iif"
+ inet="$firewall_simple_inet"
 # Stop spoofing
 ${fwcmd} add deny all from ${inet} to any in via ${oif}
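Review bot: The anti-spoofing rule `deny all from ${inet} to any in via ${oif}` now depends entirely on rc.conf values, and nothing verifies that `firewall_simple_oif`/`firewall_simple_iif` name interfaces present on this host; as far as I recall ipfw accepts a `via` interface name without checking it exists, so a typo or an unchanged example default such as ed0 loads cleanly and the rule simply never matches. I would warn when an interface is missing, e.g. `ifconfig "${oif}" >/dev/null 2>&1 || echo "firewall_simple_oif: no interface ${oif}" >&2`, and the same for `${iif}`. The order of the new `# Configuration:` list (iif, inet, oif, onet) also differs from the order the variables are assigned below (oif, onet, iif, inet); matching them makes the block easier to check. The enclosing `case ${firewall_type}` starts and ends outside the hunk.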