diff --git a/remote/pfhup b/remote/pfhup
new file mode 100755
index 0000000..4229163
--- /dev/null
+++ b/remote/pfhup
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+if [ "$(id -u)" -ne 0 ]; then
+  printf 'Needs to be run only from the ssl-update service.\n' >&2
+  exit 1
+fi
+  
+if [ -z "$ssl_service" ]; then
+  printf 'Needs to be run only from the ssl-update service.\n' >&2
+  exit 1
+fi
+
+pfctl -n -f /etc/pf.conf
+if [ $? != 0 ]; then
+  printf 'Will not restart with a config error.\n' >&2
+  exit 1
+fi
+pfctl -d
+pfctl -e -f /etc/pf.conf