Mac OS: pf rules not added automatically on install and not reloaded after reboot

[wpoortman]

There are two related issues with how magebox handles its pf firewall rules on macOS:

1. No automatic install — the two required magebox rules are not added to /etc/pf.conf during installation. Users must add them manually before the service becomes reachable.
2. No boot persistence — after a reboot, the rules are not automatically reloaded. Users must manually run sudo pfctl -ef /etc/pf.conf each time to restore port forwarding.

Steps to reproduce

1. Install magebox on a clean macOS system.
2. Attempt to access the service — it is unreachable because the pf rules are missing from /etc/pf.conf.
3. Manually add the two magebox rules to /etc/pf.conf and run sudo pfctl -ef /etc/pf.conf.
4. Confirm the service is now reachable.
5. Reboot the machine.
6. Attempt to access the service again — it is unreachable until sudo pfctl -ef /etc/pf.conf is run again manually.

Expected behaviour

The installer should add the required rules to /etc/pf.conf automatically, and a LaunchDaemon should ensure pfctl is reloaded on every boot — no manual steps required.

Actual behaviour

Users must manually add the pf rules before first use, and manually run sudo pfctl -ef /etc/pf.conf after every reboot.

Proposed fix

1. Have the installer automatically append the two required rules to /etc/pf.conf.
2. Register a LaunchDaemon plist that runs sudo pfctl -ef /etc/pf.conf on boot.

Environment

OS	macOS (version 26.4.1)
magebox version	1.15.0

[jakwinkler]

On it

[wpoortman]

Not only happens after reboot, also (as it looks) closing the macbook en re-open it without shutting it down... in other words, sleep mode? Running sudo pfctl -ef /etc/pf.conf immediately fixes it.

[jakwinkler]

@wpoortman fixed in:
#98
pf gets nulled on every reboot / wake
so with my friend Claude we just create a proxy that works ootb
tested on 2 macs, fully works.