View Single Post
  #4   (View Single Post)  
Old 29th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,911

The ruleset load at boot time is performed by rc(8) with pfctl. There are two phases:
  1. An initial, temporary ruleset is loaded through an sh(1) here document, then PF is enabled.
  2. An attempt is made to execute "pfctl -f /etc/pf.conf"
In the event the admin's ruleset fails to load, the temporary ruleset remains in place.

Because there is no difference in function from rc()'s load of the ruleset and your manual execution of pfctl, I will guess that there was a failure to load by rc(), and the temporary ruleset was left in place. Of course, it's only a guess.
Reply With Quote