
pf.conf not loaded on reboot after 3.6 upgrade



Hi all,

I just upgraded my 3.5 firewall box to 3.6 through a binary upgrade
followed by a quick mergemaster.

The problem is that upon reboot, /etc/pf.conf is not loaded
automatically by rc even though it's configured correctly (pf=YES in
rc.conf.local, pf_rules=/etc/pf.conf as per default in rc.conf).  Upon
reboot, pfctl -s r shows the default ruleset (defined in rc) but doing
pfctl -f /etc/pf.conf just after that works fine and the ruleset is
properly loaded...

I've added some debugging echos in rc like so:

------
if [ "X${pf}" != X"NO" ]; then
        if [ -f ${pf_rules} ]; then
                echo `pfctl -s r` > /var/log/rcpf
                pfctl -vf ${pf_rules} >> /var/log/rcpf
                echo `pfctl -s r` >> /var/log/rcpf
        fi
fi
-----

and the output in /var/log/rcpf shows the default ruleset, followed by
the correctly interpreted /etc/pf.conf ruleset, followed by the
default ruleset again!

No other related messages are logged in dmesg, messages or daemon.

What could prevent pfctl from working correctly at startup but work
fine after booting?


Oh, I also ran diff between the /usr/src/etc (downloaded from the
src.tar.gz) and /etc versions of rc and netstart and they are
identical.

Any ideas?


JC


