MacOS – LaunchDaemon for pf won’t load at startup

firewall, launchd, macos

I have a plist in /Library/LaunchDaemons/ that should run as root on startup.

When I run sudo launchctl load /Library/LaunchDaemons/com.apple.pfctl.plist, it works. However, on reboot it does not work.

Interestingly, after reboot, when I run that command it says /Library/LaunchDaemons/com.apple.pfctl.plist: service already loaded, but it is not functioning. However, if I unload and load it again, it works normally.

Nothing appears in my error reporting /tmp/pfctl.err.

My plist is here:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.pfctl</string>
    <key>ProgramArguments</key>
    <array>
        <string>pfctl</string>
        <string>-e</string>
        <string>-f</string>
        <string>/etc/pf.conf</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/tmp/pfctl.err</string>
    <key>StandardOutPath</key>
    <string>/tmp/pfctl.out</string>
</dict>
</plist>

Best Answer

The problem was that there is a default plist for pfctl at /System/Library/LaunchDaemons/com.apple.pfctl.plist. They were in conflict.

In that plist I set <key>Disabled</key> to <true/>, and everything works as expected.