> Why are you trying to change the security > level to -1? If you want to load a kernel module, you need simply to do > so before the system is running at securelevel 1 during the boot process.
Exactelly! I was wondering if it was possible to just load the module and pfctl/npfctl latter. With help on port-arm, there might be a solution, adding a file in /etc/rc.d and enabling it in /etc/rc.conf with "modload=YES". It might look like this: #!/bin/sh # # PROVIDE: modload # BEFORE: securelevel name=modload rcvar=$name command="/sbin/modload pf" load_rc_config $name run_rc_command "$1" I'm pretty much puzzled if wrong rc.d file could block boot process and brick the node. All this for a reason pf is old version, of which I do not recall proper syntax, compared to current. Never used npf and feel reluctant to load configuration on remote node, without safe net. First npfctl with addition to reboot without firewall. Best regards Zoran