To test the ruleset in /etc/pf.conf, do the following:
sudo pfctl -n -f /etc/pf.conf
sudo pfctl -n -v -f /etc/pf.conf
The second pfctl command displays the rules you’ve created; however, it can be easy to miss a syntax error warning in the verbose output. The first command makes those easy to spot.
You can test the ruleset live by keeping a second, completely open firewall ruleset to revert to, saved as /etc/pf-open.conf (the path used in the command below) and containing just:
pass all
Then do the following, as root:
pfctl -f /etc/pf.conf; sleep 90; pfctl -f /etc/pf-open.conf
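The two steps above (syntax check, then a timed load with a fallback) combined into one shell function, as an added example that is not part of the original page. It goes one step beyond the fixed sleep 90: the new ruleset is kept only if someone creates a confirmation file before the timer runs out. The function name pf_trial, the PFCTL variable, the return codes and the confirmation file path are assumptions of this example.

```sh
#!/bin/sh
# Added example: names, paths and return codes below are assumptions of this
# example, not part of the original page.
PFCTL="${PFCTL:-pfctl}"   # command to run; overridable for dry runs

# pf_trial NEW FALLBACK SECONDS CONFIRM_FILE
# Returns 0 = new ruleset kept, 1 = nothing loaded (parse/load error),
#         2 = reverted to FALLBACK because nobody confirmed in time.
pf_trial() {
    new=$1; fallback=$2; secs=$3; confirm=$4

    # Parse both files without loading them (-n). pfctl exits non-zero on a
    # syntax error, so the check does not depend on reading verbose output.
    for f in "$new" "$fallback"; do
        if ! $PFCTL -n -f "$f"; then
            echo "pf_trial: $f failed the syntax check, nothing loaded" >&2
            return 1
        fi
    done

    rm -f "$confirm"              # ignore a confirmation left from an earlier run
    $PFCTL -f "$new" || return 1  # load the ruleset under test

    # Poll once per second for the confirmation file.
    while [ "$secs" -gt 0 ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        secs=$((secs - 1))
    done

    $PFCTL -f "$fallback"         # no confirmation: fall back to the open ruleset
    return 2
}

# Typical use, as root. Confirm from a NEW login session, which shows that
# fresh connections still pass the ruleset under test:
#   pf_trial /etc/pf.conf /etc/pf-open.conf 90 /var/run/pf-trial.ok
#   touch /var/run/pf-trial.ok
```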
When you’re ready to reload the ruleset permanently, use the FreeBSD start/stop script:
sudo /etc/rc.d/pf reload