diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_packetfilter.sh b/roles/nagios-nrpe/files/plugins_bsd/check_packetfilter.sh
new file mode 100644
index 0000000..4f064c1
--- /dev/null
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_packetfilter.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+  
+. /usr/local/libexec/nagios/utils.sh
+
+is_pf_disabled() {
+    if [ -f /etc/rc.conf.local ]; then
+        grep -q "pf=NO" /etc/rc.conf.local
+    else
+        # If /etc/rc.conf.local does not exist, pf cannot be disabled
+        # If 0 then pf is disabled, so if /etc/rc.conf.local does not exist we have to return 1 => pf is not disabled
+        return 1
+    fi
+}
+
+is_pf_started() {
+    pfctl -si | grep -q "Status: Enabled for"
+}
+
+main() {
+    if ! is_pf_disabled; then
+        if is_pf_started; then
+            echo "OK: PacketFilter is enabled and started."
+            exit "${STATE_OK}"
+        else
+            echo "CRITICAL: PacketFilter is enabled but not started."
+            exit "${STATE_CRITICAL}"
+        fi
+    else
+        if is_pf_started; then
+            echo "WARNING: PacketFilter is started but not enabled."
+            exit "${STATE_WARNING}"
+        else
+            echo "CRITICAL: PacketFilter is disabled and not started."
+            exit "${STATE_CRITICAL}"
+        fi
+    fi
+
+}
+
+main