diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 44521d092141..7831b93f442e 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -47,6 +47,7 @@ firewall_enable="NO"		# Set to YES to enable firewall functionality
 firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
 firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
+firewall_flags=""		# Flags passed to ipfw when type is a file
 natd_program="/sbin/natd"	# path to natd, if you want a different one.
 natd_enable="NO"                # Enable natd (if firewall_enable == YES).
 natd_interface="fxp0"           # Public interface or IPaddress to use.
diff --git a/etc/rc.firewall b/etc/rc.firewall
index b8643e3c323a..37428808e7a2 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -229,7 +229,7 @@ case ${firewall_type} in
 	;;
 *)
 	if [ -r "${firewall_type}" ]; then
-		${fwcmd} ${firewall_type}
+		${fwcmd} ${firewall_flags} ${firewall_type}
 	fi
 	;;
 esac