I am trying to programmatically block some egress and ingress connections using bsd packet filters. My program writes rules in a file and this file is loaded using an anchor in /etc/pf.conf (main ruleset) . Rules work as intended. But when there is network change like turn on/off wifi , and change in wifi nw the main ruleset is getting flushed and i have to reapply (pfctl -q -f /etc/pf.conf) to get the rules back in place.
Looking for guidance to keep the main ruleset intact irrespective of system changes.