diff --git a/README b/README
index d37569ef..ffd0bcb5 100644
--- a/README
+++ b/README
@@ -350,4 +350,4 @@ with cdist on more than **60** production machines of the
 
 The CBRG is managing most of their compute clusters with cdist.
 
-
+[[!tag cdist unix]]
diff --git a/conf/type/__package/man.text b/conf/type/__package/man.text
index 0d8f8c9e..69ecf0ad 100644
--- a/conf/type/__package/man.text
+++ b/conf/type/__package/man.text
@@ -16,8 +16,7 @@ It dispatches the actual work to the package system dependant types.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -34,6 +33,9 @@ type::
     e.g. __package_apt for Debian
          __package_emerge for Gentoo
 
+state::
+    The state the package should be in, either "present" or "absent"
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package/parameter/optional b/conf/type/__package/parameter/optional
index 6f793411..9982507e 100644
--- a/conf/type/__package/parameter/optional
+++ b/conf/type/__package/parameter/optional
@@ -2,3 +2,4 @@ name
 version
 type
 pkgsite
+state
diff --git a/conf/type/__package_apt/gencode-remote b/conf/type/__package_apt/gencode-remote
index a5bd7708..a80d707e 100755
--- a/conf/type/__package_apt/gencode-remote
+++ b/conf/type/__package_apt/gencode-remote
@@ -27,7 +27,11 @@ else
    name="$__object_id"
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
 
 # FIXME: use grep directly, state is a list, not a line!
 state_is="$(cat "$__object/explorer/state")"
diff --git a/conf/type/__package_apt/man.text b/conf/type/__package_apt/man.text
index 5848a131..35c34d33 100644
--- a/conf/type/__package_apt/man.text
+++ b/conf/type/__package_apt/man.text
@@ -16,8 +16,7 @@ manage packages.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -25,6 +24,9 @@ OPTIONAL PARAMETERS
 name::
    If supplied, use the name and not the object id as the package name.
 
+state::
+    The state the package should be in, either "present" or "absent"
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_apt/parameter/optional b/conf/type/__package_apt/parameter/optional
index a52167d3..41b8e6cf 100644
--- a/conf/type/__package_apt/parameter/optional
+++ b/conf/type/__package_apt/parameter/optional
@@ -1,2 +1,3 @@
 name
 version
+state
diff --git a/conf/type/__package_apt/parameter/required b/conf/type/__package_apt/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_apt/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_luarocks/gencode-remote b/conf/type/__package_luarocks/gencode-remote
index 1046a936..7a5a5b04 100755
--- a/conf/type/__package_luarocks/gencode-remote
+++ b/conf/type/__package_luarocks/gencode-remote
@@ -29,7 +29,11 @@ else
     name="$__object_id"
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
 
 if grep -q "(installed)" "$__object/explorer/pkg_status"; then
     state_is="present"
diff --git a/conf/type/__package_luarocks/man.text b/conf/type/__package_luarocks/man.text
index 75ac93fb..18a80a79 100644
--- a/conf/type/__package_luarocks/man.text
+++ b/conf/type/__package_luarocks/man.text
@@ -15,8 +15,7 @@ LuaRocks is a deployment and management system for Lua modules.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
 name::
     If supplied, use the name and not the object id as the package name.
 
+state::
+    The state the package should be in, either "present" or "absent"
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_luarocks/parameter/optional b/conf/type/__package_luarocks/parameter/optional
index f121bdbf..1b423dc4 100644
--- a/conf/type/__package_luarocks/parameter/optional
+++ b/conf/type/__package_luarocks/parameter/optional
@@ -1 +1,2 @@
 name
+state
diff --git a/conf/type/__package_luarocks/parameter/required b/conf/type/__package_luarocks/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_luarocks/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_opkg/gencode-remote b/conf/type/__package_opkg/gencode-remote
index ab8b5ee8..43f1ad8a 100755
--- a/conf/type/__package_opkg/gencode-remote
+++ b/conf/type/__package_opkg/gencode-remote
@@ -28,7 +28,12 @@ else
    name="$__object_id"
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
+
 state_is="$(cat "$__object/explorer/pkg_status")"
 case "$state_is" in
     absent*)
diff --git a/conf/type/__package_opkg/man.text b/conf/type/__package_opkg/man.text
index 19d26af6..3d02d1ce 100644
--- a/conf/type/__package_opkg/man.text
+++ b/conf/type/__package_opkg/man.text
@@ -15,8 +15,7 @@ opkg is usually used on OpenWRT to manage packages.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-   The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
 name::
    If supplied, use the name and not the object id as the package name.
 
+state::
+   The state the package should be in, either "present" or "absent"
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_opkg/parameter/optional b/conf/type/__package_opkg/parameter/optional
index f121bdbf..1b423dc4 100644
--- a/conf/type/__package_opkg/parameter/optional
+++ b/conf/type/__package_opkg/parameter/optional
@@ -1 +1,2 @@
 name
+state
diff --git a/conf/type/__package_opkg/parameter/required b/conf/type/__package_opkg/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_opkg/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_pacman/gencode-remote b/conf/type/__package_pacman/gencode-remote
index da1ac7c2..02744fa8 100755
--- a/conf/type/__package_pacman/gencode-remote
+++ b/conf/type/__package_pacman/gencode-remote
@@ -31,7 +31,11 @@ else
    name="$__object_id"
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
 
 pkg_version="$(cat "$__object/explorer/pkg_version")"
 if [ -z "$pkg_version" ]; then
diff --git a/conf/type/__package_pacman/man.text b/conf/type/__package_pacman/man.text
index 4c23a2bd..17c2037a 100644
--- a/conf/type/__package_pacman/man.text
+++ b/conf/type/__package_pacman/man.text
@@ -16,8 +16,7 @@ packages.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -25,6 +24,9 @@ OPTIONAL PARAMETERS
 name::
     If supplied, use the name and not the object id as the package name.
 
+state::
+    The state the package should be in, either "present" or "absent"
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_pacman/parameter/optional b/conf/type/__package_pacman/parameter/optional
index f121bdbf..1b423dc4 100644
--- a/conf/type/__package_pacman/parameter/optional
+++ b/conf/type/__package_pacman/parameter/optional
@@ -1 +1,2 @@
 name
+state
diff --git a/conf/type/__package_pacman/parameter/required b/conf/type/__package_pacman/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_pacman/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_pip/gencode-remote b/conf/type/__package_pip/gencode-remote
index 0f15abdc..3456ced2 100644
--- a/conf/type/__package_pip/gencode-remote
+++ b/conf/type/__package_pip/gencode-remote
@@ -22,7 +22,11 @@
 #
 
 state_is=$(cat "$__object/explorer/state")
-state_should=$(cat "$__object/parameter/state")
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
 
 [ "$state_is" = "$state_should" ] && exit 0
 
diff --git a/conf/type/__package_pip/man.text b/conf/type/__package_pip/man.text
index 2a620658..21d4f9fd 100644
--- a/conf/type/__package_pip/man.text
+++ b/conf/type/__package_pip/man.text
@@ -16,8 +16,7 @@ It is also included in the python virtualenv environment.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-   Either "present" or "absent".
+None
 
 
 OPTIONAL PARAMETERS
@@ -28,6 +27,9 @@ name::
 pip::
     Instead of using pip from PATH, use the specific pip path.
 
+state::
+   Either "present" or "absent".
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_pip/parameter/optional b/conf/type/__package_pip/parameter/optional
index a1b589e3..f32876f7 100644
--- a/conf/type/__package_pip/parameter/optional
+++ b/conf/type/__package_pip/parameter/optional
@@ -1 +1,2 @@
 pip
+state
diff --git a/conf/type/__package_pip/parameter/required b/conf/type/__package_pip/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_pip/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_pkg_freebsd/gencode-remote b/conf/type/__package_pkg_freebsd/gencode-remote
index 21120d41..3f5ebde7 100755
--- a/conf/type/__package_pkg_freebsd/gencode-remote
+++ b/conf/type/__package_pkg_freebsd/gencode-remote
@@ -63,7 +63,11 @@ if [ -f "$__object/parameter/pkgsite" ]; then
 	pkgsite="$(cat "$__object/parameter/pkgsite")"
 fi
 
-state="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state="$(cat "$__object/parameter/state")"
+else
+   state="present"
+fi
 curr_version="$(cat "$__object/explorer/pkg_version")"
 add_cmd="pkg_add"
 rm_cmd="pkg_delete"
diff --git a/conf/type/__package_pkg_freebsd/man.text b/conf/type/__package_pkg_freebsd/man.text
index fd9a6792..f1589037 100644
--- a/conf/type/__package_pkg_freebsd/man.text
+++ b/conf/type/__package_pkg_freebsd/man.text
@@ -15,8 +15,7 @@ This type is usually used on FreeBSD to manage packages.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-   Either "present" or "absent".
+None
 
 
 OPTIONAL PARAMETERS
@@ -33,6 +32,9 @@ version::
 pkgsite::
    If supplied, use to install from a specific package repository.
 
+state::
+   Either "present" or "absent".
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_pkg_freebsd/parameter/optional b/conf/type/__package_pkg_freebsd/parameter/optional
index 3fb2f29e..8cb68f98 100644
--- a/conf/type/__package_pkg_freebsd/parameter/optional
+++ b/conf/type/__package_pkg_freebsd/parameter/optional
@@ -2,3 +2,4 @@ name
 flavor
 version
 pkgsite
+state
diff --git a/conf/type/__package_pkg_freebsd/parameter/required b/conf/type/__package_pkg_freebsd/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_pkg_freebsd/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_pkg_openbsd/gencode-remote b/conf/type/__package_pkg_openbsd/gencode-remote
index ed36f04a..1df87997 100755
--- a/conf/type/__package_pkg_openbsd/gencode-remote
+++ b/conf/type/__package_pkg_openbsd/gencode-remote
@@ -42,7 +42,11 @@ else
    name="$__object_id"
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
 
 pkg_version="$(cat "$__object/explorer/pkg_version")"
 
diff --git a/conf/type/__package_pkg_openbsd/man.text b/conf/type/__package_pkg_openbsd/man.text
index 19bb2094..8fcc3216 100644
--- a/conf/type/__package_pkg_openbsd/man.text
+++ b/conf/type/__package_pkg_openbsd/man.text
@@ -15,8 +15,7 @@ This type is usually used on OpenBSD to manage packages.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -27,6 +26,9 @@ name::
 flavor::
     If supplied, use to avoid ambiguity.
 
+state::
+    The state the package should be in, either "present" or "absent"
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_pkg_openbsd/parameter/optional b/conf/type/__package_pkg_openbsd/parameter/optional
index 29b123ef..77fd22b3 100644
--- a/conf/type/__package_pkg_openbsd/parameter/optional
+++ b/conf/type/__package_pkg_openbsd/parameter/optional
@@ -1,2 +1,3 @@
 name
 flavor
+state
diff --git a/conf/type/__package_pkg_openbsd/parameter/required b/conf/type/__package_pkg_openbsd/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_pkg_openbsd/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_rubygem/gencode-remote b/conf/type/__package_rubygem/gencode-remote
index dc755ad3..6256e308 100755
--- a/conf/type/__package_rubygem/gencode-remote
+++ b/conf/type/__package_rubygem/gencode-remote
@@ -27,7 +27,11 @@ else
     name="$__object_id"
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
 
 if grep -q true "$__object/explorer/pkg_status"; then
     state_is="present"
diff --git a/conf/type/__package_rubygem/man.text b/conf/type/__package_rubygem/man.text
index afe2b358..feefe699 100644
--- a/conf/type/__package_rubygem/man.text
+++ b/conf/type/__package_rubygem/man.text
@@ -15,8 +15,7 @@ Rubygems is the default package management system for the Ruby programming langu
 
 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
 name::
     If supplied, use the name and not the object id as the package name.
 
+state::
+    The state the package should be in, either "present" or "absent"
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_rubygem/parameter/optional b/conf/type/__package_rubygem/parameter/optional
index f121bdbf..1b423dc4 100644
--- a/conf/type/__package_rubygem/parameter/optional
+++ b/conf/type/__package_rubygem/parameter/optional
@@ -1 +1,2 @@
 name
+state
diff --git a/conf/type/__package_rubygem/parameter/required b/conf/type/__package_rubygem/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_rubygem/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_yum/gencode-remote b/conf/type/__package_yum/gencode-remote
index 5f0e8ac8..9c98c257 100755
--- a/conf/type/__package_yum/gencode-remote
+++ b/conf/type/__package_yum/gencode-remote
@@ -27,7 +27,11 @@ else
    name="$__object_id"
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
 
 if grep -q -E "(centos|redhat|amazon)" "$__global/explorer/os"; then
     opts="-y --quiet"
diff --git a/conf/type/__package_yum/man.text b/conf/type/__package_yum/man.text
index 4aa3ddc0..9aabf7fb 100644
--- a/conf/type/__package_yum/man.text
+++ b/conf/type/__package_yum/man.text
@@ -17,8 +17,7 @@ slightly confusing error message "Error: Nothing to do".
 
 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -26,6 +25,10 @@ OPTIONAL PARAMETERS
 name::
     If supplied, use the name and not the object id as the package name.
 
+state::
+    The state the package should be in, either "present" or "absent"
+    (the old values "installed" or "removed" will be removed in cdist 2.1).
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_yum/parameter/optional b/conf/type/__package_yum/parameter/optional
index f121bdbf..1b423dc4 100644
--- a/conf/type/__package_yum/parameter/optional
+++ b/conf/type/__package_yum/parameter/optional
@@ -1 +1,2 @@
 name
+state
diff --git a/conf/type/__package_yum/parameter/required b/conf/type/__package_yum/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_yum/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__package_zypper/gencode-remote b/conf/type/__package_zypper/gencode-remote
index 3323d6b1..ca9aec33 100755
--- a/conf/type/__package_zypper/gencode-remote
+++ b/conf/type/__package_zypper/gencode-remote
@@ -33,7 +33,11 @@ else
    name="$__object_id"
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+if [ -f "$__object/parameter/state" ]; then
+   state_should="$(cat "$__object/parameter/state")"
+else
+   state_should="present"
+fi
 
 # Exit if nothing is needed to be done
 [ "$state_is" = "$state_should" ] && exit 0
diff --git a/conf/type/__package_zypper/man.text b/conf/type/__package_zypper/man.text
index 9cff9706..702d51e5 100644
--- a/conf/type/__package_zypper/man.text
+++ b/conf/type/__package_zypper/man.text
@@ -15,8 +15,7 @@ Zypper is usually used on the SuSE distribution to manage packages.
 
 REQUIRED PARAMETERS
 -------------------
-state::
-    The state the package should be in, either "present" or "absent"
+None
 
 
 OPTIONAL PARAMETERS
@@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
 name::
     If supplied, use the name and not the object id as the package name.
 
+state::
+    The state the package should be in, either "present" or "absent"
+
 
 EXAMPLES
 --------
diff --git a/conf/type/__package_zypper/parameter/optional b/conf/type/__package_zypper/parameter/optional
index f121bdbf..1b423dc4 100644
--- a/conf/type/__package_zypper/parameter/optional
+++ b/conf/type/__package_zypper/parameter/optional
@@ -1 +1,2 @@
 name
+state
diff --git a/conf/type/__package_zypper/parameter/required b/conf/type/__package_zypper/parameter/required
deleted file mode 100644
index ff72b5c7..00000000
--- a/conf/type/__package_zypper/parameter/required
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/conf/type/__pf_apply/explorer/rcvar b/conf/type/__pf_apply/explorer/rcvar
new file mode 100755
index 00000000..20e9dfcc
--- /dev/null
+++ b/conf/type/__pf_apply/explorer/rcvar
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the location of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+
+RC="/etc/rc.conf"
+PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+echo ${PFCONF:-"/etc/pf.conf"}
+
+# Debug
+#set +x
+
diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote
new file mode 100755
index 00000000..f7c889b4
--- /dev/null
+++ b/conf/type/__pf_apply/gencode-remote
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Apply pf(4) ruleset on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+rcvar=$(cat "$__object/explorer/rcvar")
+
+cat <<EOF
+if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf
+   # Disable pf
+   # If it already is disabled, pfctl -d returns 1, go on with life
+   pfctl -d || true
+   # Cleanup
+   rm -f "${rcvar}.old"
+elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it
+   # Ensure that pf is enabled in the first place
+   # If it already is enabled, pfctl -e returns 1, go on with life
+   mv "${rcvar}.new" "${rcvar}"
+   pfctl -e || true
+   pfctl -f "${rcvar}"
+   if [ "\$?" -ne "0" ]; then # failed to configure new ruleset
+      echo "Failed to configure the new ruleset on ${__target_host}!" >&2
+   fi
+fi
+EOF
+
+# Debug
+#set +x
+
diff --git a/conf/type/__pf_apply/man.text b/conf/type/__pf_apply/man.text
new file mode 100644
index 00000000..55bf5745
--- /dev/null
+++ b/conf/type/__pf_apply/man.text
@@ -0,0 +1,52 @@
+cdist-type__pf_apply(7)
+==================================
+Jake Guffey <jake.guffey--@--eprotex.com>
+
+
+NAME
+----
+cdist-type__pf_apply - Apply pf(4) ruleset on *BSD
+
+
+DESCRIPTION
+-----------
+This type is used on *BSD systems to manage the pf firewall's active ruleset.
+
+
+REQUIRED PARAMETERS
+-------------------
+NONE
+
+
+OPTIONAL PARAMETERS
+-------------------
+NONE
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Modify the ruleset on $__target_host:
+__pf_ruleset --state present --source /my/pf/ruleset.conf
+require="__pf_ruleset" \
+   __pf_apply
+
+# Remove the ruleset on $__target_host (implies disabling pf(4):
+__pf_ruleset --state absent
+require="__pf_ruleset" \
+   __pf_apply
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__pf_ruleset(7)
+- pf(4)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/conf/type/__pf_apply/singleton b/conf/type/__pf_apply/singleton
new file mode 100644
index 00000000..e69de29b
diff --git a/conf/type/__pf_ruleset/explorer/cksum b/conf/type/__pf_ruleset/explorer/cksum
new file mode 100755
index 00000000..f8679836
--- /dev/null
+++ b/conf/type/__pf_ruleset/explorer/cksum
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the 256 bit SHA2 checksum of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+# See if file exists and if so, get checksum
+
+RC="/etc/rc.conf"
+TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+PFCONF="${TMP:-"/etc/pf.conf"}"
+
+if [ -f "${PFCONF}" ]; then	# The pf config file exists, find its cksum.
+	cksum -o 1 ${PFCONF} | cut -d= -f2 | awk '{print $1}'
+fi
+
+# Debug
+#set +x
+
diff --git a/conf/type/__pf_ruleset/explorer/rcvar b/conf/type/__pf_ruleset/explorer/rcvar
new file mode 100755
index 00000000..20e9dfcc
--- /dev/null
+++ b/conf/type/__pf_ruleset/explorer/rcvar
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the location of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+
+RC="/etc/rc.conf"
+PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+echo ${PFCONF:-"/etc/pf.conf"}
+
+# Debug
+#set +x
+
diff --git a/conf/type/__pf_ruleset/gencode-local b/conf/type/__pf_ruleset/gencode-local
new file mode 100644
index 00000000..c2495509
--- /dev/null
+++ b/conf/type/__pf_ruleset/gencode-local
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Manage pf(4) on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Send files to $__target_host via $__remote_copy
+
+uname=$(uname)   # Need to know what the cdist host is running so we know how to compute the ruleset's checksum
+state=$(cat "$__object/parameter/state")
+
+if [ "$state" = "absent" ]; then   # There is nothing more for a *local* script to do
+   exit 0
+fi
+
+if [ -f "$__object/parameter/source" ]; then
+   source=$(cat "$__object/parameter/source")
+fi
+
+rcvar=$(cat "$__object/explorer/rcvar")
+cksum=$(cat "$__object/explorer/cksum")
+
+
+cat <<EOF
+case $uname in
+   Darwin)
+      currentSum=\$(cksum -o 1 ${source} | cut '-d ' -f1)
+      ;;
+   Linux)
+      currentSum=\$(cksum ${source} | cut '-d ' -f1)
+      ;;
+   FreeBSD)
+      currentSum=\$(cksum -o 1 ${source} | cut -d= -f2 | sed 's/ //g')
+      ;;
+   *)
+      echo "Sorry, I do not know how to find a cksum on ${UNAME}." >&2
+      exit 1
+      ;;
+esac
+
+if [ -n "${cksum}" ]; then
+   if [ ! "\${currentSum}" = "${cksum}" ]; then
+      $__remote_copy "${source}" "$__target_host:${rcvar}.new"
+   fi
+else # File just doesn't exist yet
+   $__remote_copy "${source}" "$__target_host:${rcvar}.new"
+fi
+EOF
+
+# Debug
+#exec +x
+
diff --git a/conf/type/__pf_ruleset/gencode-remote b/conf/type/__pf_ruleset/gencode-remote
new file mode 100644
index 00000000..6e9030ea
--- /dev/null
+++ b/conf/type/__pf_ruleset/gencode-remote
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Manage pf(4) on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Remove ${rcvar} in the case of --state absent
+
+state=$(cat "$__object/parameter/state")
+rcvar=$(cat "$__object/explorer/rcvar")
+
+if [ "$state" = "present" ]; then   # There is nothing more for a *remote* script to do
+   exit 0
+elif [ "$state" = "absent" ]; then
+   # --state absent, so ensure that .new doesn't exist and that conf is renamed to .old
+   cat <<EOF
+   if [ -f "${rcvar}.new" ]; then
+      rm "${rcvar}.new"
+   fi
+   if [ -f "${rcvar}" ]; then
+      mv "${rcvar}" "${rcvar}.old"
+   fi
+EOF
+else
+   echo "Unknown state ${state}!" >&2
+   exit 1
+fi
+
diff --git a/conf/type/__pf_ruleset/man.text b/conf/type/__pf_ruleset/man.text
new file mode 100644
index 00000000..68601fad
--- /dev/null
+++ b/conf/type/__pf_ruleset/man.text
@@ -0,0 +1,51 @@
+cdist-type__pf_ruleset(7)
+==================================
+Jake Guffey <jake.guffey--@--eprotex.com>
+
+
+NAME
+----
+cdist-type__pf_ruleset - Copy a pf(4) ruleset to $__target_host
+
+
+DESCRIPTION
+-----------
+This type is used on *BSD systems to manage the pf firewall's ruleset.
+
+
+REQUIRED PARAMETERS
+-------------------
+state::
+   Either "absent" (no ruleset at all) or "present"
+
+
+OPTIONAL PARAMETERS
+-------------------
+source::
+   If supplied, use to define the ruleset to load onto the $__target_host for pf(4).
+   Note that this type is almost useless without a ruleset defined, but it's technically not
+   needed, e.g. for the case of disabling the firewall temporarily.
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Remove the current ruleset in place
+__pf_ruleset --state absent
+
+# Enable the firewall with the ruleset defined in $__manifest/files/pf.conf
+__pf_ruleset --state present --source $__manifest/files/pf.conf
+
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- pf(4)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/conf/type/__pf_ruleset/parameter/optional b/conf/type/__pf_ruleset/parameter/optional
new file mode 100644
index 00000000..5a18cd2f
--- /dev/null
+++ b/conf/type/__pf_ruleset/parameter/optional
@@ -0,0 +1 @@
+source
diff --git a/conf/type/__package/parameter/required b/conf/type/__pf_ruleset/parameter/required
similarity index 100%
rename from conf/type/__package/parameter/required
rename to conf/type/__pf_ruleset/parameter/required
diff --git a/conf/type/__pf_ruleset/singleton b/conf/type/__pf_ruleset/singleton
new file mode 100644
index 00000000..e69de29b
diff --git a/conf/type/__qemu_img/man.text b/conf/type/__qemu_img/man.text
index e2442172..3e16f957 100644
--- a/conf/type/__qemu_img/man.text
+++ b/conf/type/__qemu_img/man.text
@@ -32,7 +32,7 @@ EXAMPLES
 --------
 
 --------------------------------------------------------------------------------
-# Ensure zsh in installed
+# Create a 50G size image
 __qemu_img /home/services/kvm/vm/myvmname/system-disk --size 50G
 
 # Remove image
diff --git a/conf/type/__rvm/explorer/state b/conf/type/__rvm/explorer/state
index d0da0d86..f43f5509 100755
--- a/conf/type/__rvm/explorer/state
+++ b/conf/type/__rvm/explorer/state
@@ -19,8 +19,18 @@
 #
 
 user="$__object_id"
-if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then
-   echo "present"
+
+# RVM behaves differently if root is the username / uid == 0
+if [ "$user" = "root" ]; then
+    if [ -d /usr/local/rvm ]; then
+        echo present
+    else
+        echo absent
+    fi
 else
-   echo "absent"
+    if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then
+       echo "present"
+    else
+       echo "absent"
+    fi
 fi
diff --git a/conf/type/__rvm/gencode-remote b/conf/type/__rvm/gencode-remote
index 6c661302..aa6ef647 100755
--- a/conf/type/__rvm/gencode-remote
+++ b/conf/type/__rvm/gencode-remote
@@ -25,7 +25,7 @@ if [ "$state_is" != "$state_should" ]; then
    case "$state_should" in
       present)
          cat << DONE
-su - $user -c "curl -L get.rvm.io | bash -s stable"
+su - $user -c "unset rvm_path; unset rvm_bin_path; unset rvm_prefix; unset rvm_version; curl -L get.rvm.io | bash -s stable"
 DONE
       ;;
       absent)
diff --git a/conf/type/__rvm_gemset/gencode-remote b/conf/type/__rvm_gemset/gencode-remote
index 75cc833a..1604538d 100755
--- a/conf/type/__rvm_gemset/gencode-remote
+++ b/conf/type/__rvm_gemset/gencode-remote
@@ -23,7 +23,7 @@ ruby="$(echo "$gemset" | cut -d '@' -f 1)"
 gemsetname="$(echo "$gemset" | cut -d '@' -f 2)"
 state_is="$(cat "$__object/explorer/state")"
 user="$(cat "$__object/parameter/user")"
-default="$(cat "$__object/parameter/default")"
+default="$(cat "$__object/parameter/default" 2>/dev/null || true)"
 state_should="$(cat "$__object/parameter/state")"
 if [ "$state_is" != "$state_should" ]; then
    case "$state_should" in
diff --git a/conf/type/__rvm_ruby/gencode-remote b/conf/type/__rvm_ruby/gencode-remote
index b25b4fe9..0003cfe7 100755
--- a/conf/type/__rvm_ruby/gencode-remote
+++ b/conf/type/__rvm_ruby/gencode-remote
@@ -21,8 +21,9 @@
 ruby="$__object_id"
 state_is="$(cat "$__object/explorer/state")"
 user="$(cat "$__object/parameter/user")"
-default="$(cat "$__object/parameter/default")"
+default="$(cat "$__object/parameter/default" 2>/dev/null || true)"
 state_should="$(cat "$__object/parameter/state")"
+
 if [ "$state_is" != "$state_should" ]; then
    case "$state_should" in
       present)
diff --git a/doc/changelog b/doc/changelog
index 2f9ecef5..05d6d96b 100644
--- a/doc/changelog
+++ b/doc/changelog
@@ -8,6 +8,9 @@ Changelog
 	* Core: Make variable __object_name available in type explorers (Steven Armtrong)
 	* New Type: __qemu_img
 	* New Type: __line
+	* New Type: __pf_apply (Jake Guffey)
+	* New Type: __pf_ruleset (Jake Guffey)
+	* Bugfix Type: __rvm: Make type work if rvm is already installed
 
 2.0.14: 2012-09-07
 	* Bugfix Type: __jail: Use correct variable (Jake Guffey)
diff --git a/doc/gfx/font-used b/doc/gfx/font-used
new file mode 100644
index 00000000..46d3e5d3
--- /dev/null
+++ b/doc/gfx/font-used
@@ -0,0 +1 @@
+fraktur