When I was logged into the shell to restart pf, I got the error in the subject line which seems odd/worrisome:
root@firewall:~ # service pf onerestart
Disabling pf.
/etc/rc.d/pf: WARNING: /etc/pf.conf is not readable.
As you will see, the file simply isn't there:
root@firewall:~ # cat /etc/pf.conf
cat: /etc/pf.conf: No such file or directory
This is not how you restart most services on OPNsense.
configctl filter reload
I am not 100% certain, but I imagine that is the location on a vanilla FreeBSD install of pf, but on OPN the command gets issued with OPN's own location of the config file. That's to say it probably needs issuing either with #service pf onerestart -c /path/to/file or maybe a template defines it, or even an OPN-specific command.
Edit: writing at the same time. There you go.
So my issue is that I'm trying to set up a site-to-site WireGuard arrangement. The system I'm referring to is an OPNsense 24.1 install with a singular WAN port. Each time I make any changes that seem to affect the firewall, I have to do something to make it responsive again for the web admin interface. I couldn't think of anything to do while I only had LISH (console access via Linode) access except something basic, and this "service pf onerestart" is what worked to push the system into responsiveness again on the web interface. I even found this to be true with direct ssh remote access as well - same problem, had to go to LISH and issue "service pf onerestart" to get ssh to respond...