For the "client" and "simple" network types, collapse the separate "net"

and "mask" variables into a single "net" variable that contains a full
network address (including either a netmask or prefix length at the user's
choice).  Update the example settings to match.

MFC after:	2 weeks

etc/rc.firewall

@@ -166,16 +166,15 @@ case ${firewall_type} in
 	# against people from outside your own network.
 	############
 
-	# set these to your network and netmask and ip
-	net="192.0.2.0"
-	mask="255.255.255.0"
+	# set these to your network
+	net="192.0.2.0/24"
 
 	# Allow limited broadcast traffic from my own net.
-	${fwcmd} add pass all from ${net}:${mask} to 255.255.255.255
+	${fwcmd} add pass all from ${net} to 255.255.255.255
 
 	# Allow any traffic to or from my own net.
-	${fwcmd} add pass all from me to ${net}:${mask}
-	${fwcmd} add pass all from ${net}:${mask} to me
+	${fwcmd} add pass all from me to ${net}
+	${fwcmd} add pass all from ${net} to me
 
 	# Allow TCP through if setup succeeded
 	${fwcmd} add pass tcp from any to any established
@@ -210,19 +209,17 @@ case ${firewall_type} in
 	# on the inside at this machine for those services.
 	############
 
-	# set these to your outside interface network and netmask and ip
+	# set these to your outside interface network
 	oif="ed0"
-	onet="192.0.2.0"
-	omask="255.255.255.240"
+	onet="192.0.2.0/28"
 
-	# set these to your inside interface network and netmask and ip
+	# set these to your inside interface network
 	iif="ed1"
-	inet="192.0.2.16"
-	imask="255.255.255.240"
+	inet="192.0.2.16/28"
 
 	# Stop spoofing
-	${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
-	${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
+	${fwcmd} add deny all from ${inet} to any in via ${oif}
+	${fwcmd} add deny all from ${onet} to any in via ${iif}
 
 	# Stop RFC1918 nets on the outside interface
 	${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}