Did you read pfctl(8) ?
On Wed, Apr 11, 2007 at 10:44:44AM -0700, christian johansson wrote:
> I had to set up a linux firewall the other day, and I used the iptables
> script generating program shorewall.
> While pulling my hair over how ugly the iptables stuff (even via shorewall)
> is compared to OpenBSDs nice clean PF syntax, I did find one very nice
> feature in shorewall - safe restart.
>
> When safe restarting, shorewall will implement all rules in the iptables
> config files, then give the user a prompt: keep rules y/n?
>
> If 'yes' the rules are kept and everyone is happy. If 'no', iptables are
> disabled and all traffic let in. If no answer then default to answer 'no'
> after 60 seconds.
> Very useful, even if just for the added peace of mind when applying new
> changes.
>
> Is there a ready made script accomplishing this for openbsd / pf? Or any
> plans of building such functionality?
>
> Christian
