I might miss something from this thread. Would you, please, repeat what you did and what was the intent? I use pf on openbsd node and on rpi. As far as I know, you have to reload configuration file to have it on. Dynamically loaded rules could be a problem, due to disconnection of the session. I recall other firewalls doing what you want on linux, but it was eons ago. If I recall correctly, the rule is added if it matches something to block a behaveour. Not pf. Best regards
Zoran
