diff --git a/contrib/pf/man/pfsync.4 b/contrib/pf/man/pfsync.4
index 10fc5a6180eb..abc81af4c5a9 100644
--- a/contrib/pf/man/pfsync.4
+++ b/contrib/pf/man/pfsync.4
@@ -129,7 +129,25 @@ dedicated to pfsync messages such as a crossover cable between two firewalls, or specify a peer address and protect the traffic with
 .Xr ipsec 4 .
 .Pp
+For
+.Nm
+to start its operation automatically at the system boot time,
+.Va pfsync_enable
+and
+.Va pfsync_syncdev
+variables should be used in
+.Xr rc.conf 5 .
+It is not advisable to set up
+.Nm
+with common network interface configuration variables of
+.Xr rc.conf 5
+because
+.Nm
+must start after its
+.Cm syncdev ,
+which cannot be always ensured in the latter case.
 .\" XXX: not yet!
+.\" .Pp
 .\" There is a one-to-one correspondence between packets seen by
 .\" .Xr bpf 4
 .\" on the
@@ -167,14 +185,15 @@ indicated): Interfaces configuration in
 .Pa /etc/rc.conf :
 .Bd -literal -offset indent
+network_interfaces="lo0 sis0 sis1 sis2"
 cloned_interfaces="carp0 carp1"
-network_interfaces="lo0 sis0 sis1 sis2 carp0 carp1 pfsync0"
 ifconfig_sis0="10.0.0.254/24"
 ifconfig_sis1="192.168.0.254/24"
 ifconfig_sis2="192.168.254.254/24"
 ifconfig_carp0="vhid 1 pass foo 10.0.0.1/24"
 ifconfig_carp1="vhid 2 pass bar 192.168.0.1/24"
-ifconfig_pfsync0="up syncif sis2"
+pfsync_enable="YES"
+pfsync_syncdev="sis2"
 .Ed
 .Pp
 .Xr pf 4
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 34b1add26d70..1385061d7520 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -135,6 +135,9 @@ pflog_enable="NO" # Set to YES to enable packet filter logging
 pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
 pflog_program="/sbin/pflogd" # where the pflogd program lives
 pflog_flags="" # additional flags for pflogd
+pfsync_enable="NO" # Expose pf state to other hosts for syncing
+pfsync_syncdev="" # Interface for pfsync to work through
+pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync
 tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
 log_in_vain="0" # >=1 to log connects to ports w/o listeners.
 tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index 74374554260a..e0ba8e58da6d 100755
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -25,7 +25,7 @@ FILES= DAEMON LOGIN NETWORKING SERVERS \
 network_ipv6 newsyslog nfsclient nfsd \
 nfslocking nfsserver nisdomain nsswitch ntpd ntpdate \
 othermta \
- pccard pcvt pf pflog \
+ pccard pcvt pf pflog pfsync \
 powerd power_profile ppp-user pppoed pwcheck \
 quota \
 ramdisk ramdisk-own random rarpd rcconf.sh resolv root \
diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync
new file mode 100644
index 000000000000..8d490421c163
--- /dev/null
+++ b/etc/rc.d/pfsync
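Review bot: The comment on the new `pfsync_syncdev` line gives no hint that the interface named here will carry pf state updates, which the pfsync(4) text in this same commit says should be a dedicated link, or traffic protected with ipsec(4). The rc.conf.5 entry added for the variable does not mention it either, so /etc/defaults/rc.conf is the only place an administrator setting the variable will see any guidance. A slightly fuller comment, e.g. `pfsync_syncdev=""	# Interface for pfsync, preferably a dedicated link (see pfsync(4))`, would point them at that advice where it matters.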
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pfsync
+# REQUIRE: root mountcritlocal netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="pfsync"
+rcvar=`set_rcvar`
+start_precmd="pfsync_prestart"
+start_cmd="pfsync_start"
+stop_cmd="pfsync_stop"
+
+pfsync_prestart()
+{
+ case "$pfsync_syncdev" in
+ '')
+ warn "pfsync_syncdev is not set."
+ return 1
+ ;;
+ esac
+
+ # load pf kernel module if needed
+ if ! kldstat -q -m pf ; then
+ if kldload pf ; then
+ info "pf module loaded."
+ else
+ warn "pf module failed to load."
+ return 1
+ fi
+ fi
+
+ return 0
+}
+
+pfsync_start()
+{
+ echo "Enabling pfsync."
+ ifconfig pfsync0 syncdev $pfsync_syncdev $pfsync_ifconfig up
+}
+
+pfsync_stop()
+{
+ echo "Disabling pfsync."
+ ifconfig pfsync0 -syncdev down
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index cb4b0a319b6b..93862edd430a 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -785,6 +785,38 @@ Empty by default.
 This variable contains additional flags passed to the
 .Xr pflogd 8
 program.
+.It Va pfsync_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+Setting this to
+.Dq Li YES
+enables exposing
+.Xr pf 4
+state changes to other hosts over the network by means of
+.Xr pfsync 4 .
+The
+.Va pfsync_syncdev
+variable
+must also be set then.
+.It Va pfsync_syncdev
+.Pq Vt str
+Empty by default.
+This variable specifies the name of the network interface
+.Xr pfsync 4
+should operate through.
+It must be set accordingly if
+.Va pfsync_enable
+is set to
+.Dq Li YES .
+.It Va pfsync_ifconfig
+.Pq Vt str
+Empty by default.
+This variable can contain additional options to be passed to the
+.Xr ifconfig 8
+command used to set up
+.Xr pfsync 4 .
 .It Va tcp_extensions
 .Pq Vt bool
 Set to
@@ -3323,6 +3355,7 @@ device and the mount point will be changed.
 .Xr kld 4 ,
 .Xr pf 4 ,
 .Xr pflog 4 ,
+.Xr pfsync 4 ,
 .Xr tcp 4 ,
 .Xr udp 4 ,
 .Xr exports 5 ,
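Review bot: pfsync_prestart rejects only an empty `pfsync_syncdev`; a mistyped interface name passes the check and presumably fails later inside pfsync_start's `ifconfig pfsync0 syncdev ...` call, where the diagnostic is ifconfig's rather than the rc warning the rest of prestart takes care to emit. Since prestart already validates the variable, it could also confirm the interface exists before pfsync0 is touched, e.g. `ifconfig "$pfsync_syncdev" >/dev/null 2>&1 || { warn "pfsync_syncdev '$pfsync_syncdev' does not exist."; return 1; }` placed after the `esac`. In pfsync_start, `$pfsync_syncdev` can be quoted, while `$pfsync_ifconfig` is expanded unquoted on purpose so that several options split into separate arguments; a one-line comment such as `# $pfsync_ifconfig is intentionally unquoted: it may hold several ifconfig(8) arguments` would keep a later cleanup from quoting it and silently breaking multi-option values. The file is new, so all three functions are fully visible in the hunk.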