Index: ip_fw2.c
===================================================================
RCS file: /space2/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.11
diff -u -p -r1.11 ip_fw2.c
--- ip_fw2.c	25 Aug 2002 03:50:17 -0000	1.11
+++ ip_fw2.c	16 Oct 2002 18:29:32 -0000
@@ -2673,6 +2673,7 @@ static void
 ipfw_init(void)
 {
 	struct ip_fw default_rule;
+	int default_to_accept;
 
 	ip_fw_chk_ptr = ipfw_chk;
 	ip_fw_ctl_ptr = ipfw_ctl;
@@ -2686,12 +2687,15 @@ ipfw_init(void)
 	default_rule.set = 31;
 
 	default_rule.cmd[0].len = 1;
-	default_rule.cmd[0].opcode =
 #ifdef IPFIREWALL_DEFAULT_TO_ACCEPT
-				1 ? O_ACCEPT :
+	default_to_accept = 1;
+#else
+	default_to_accept = testenv("net.inet.ip.fw.default_to_accept");
 #endif
-				O_DENY;
-
+	if (default_to_accept)
+		default_rule.cmd[0].opcode = O_ACCEPT;
+	else
+		default_rule.cmd[0].opcode = O_DENY;
 	add_rule(&layer3_chain, &default_rule);
 
 	ip_fw_default_rule = layer3_chain;