NetBSD-Users archive
Problem trying to use NPF
I'm doing some experimentation with NPF in a VM to see if I can replace
ipf on my external firewall but I'm running into a very simple problem.
I can't get the rules to load at start of day.
This looks to me like kern/49119 but on a NetBSD 7.0-STABLE system built
from sources fetched yesterday.
Kernel config is unmodified GENERIC.
Machine has 2 interfaces:
wm0: statically configured to 192.168.1.70
wm1: DHCP assigned in the range 192.168.56.0/24
And I'm using the following npf.conf:
#
# Simple test NPF config for VM
# Interface and address macros
$ext_if = "wm0"
$ext_v4 = inet4(wm0)
$ext_v6 = inet6(wm0)
$int_if = "wm1"
$ext_addrs = { inet4(wm0) , inet6(wm0) }
$services_tcp = { ssh , pop3 }
$localnet = { 192.168.56.0/24 }
# Dynamic NAT: internal network leaves via the external IPv4 address
map $ext_if dynamic 192.168.56.0/24 -> $ext_v4
# External interface: allow everything out, only listed TCP services in
group "external" on $ext_if {
pass stateful out final all
pass stateful in final proto tcp to $ext_v4 port $services_tcp
pass stateful in final proto tcp to $ext_v6 port $services_tcp
}
# Internal interface: only traffic from the local network is accepted
group "internal" on $int_if {
block in all;
pass in final from $localnet
pass out final all
}
# Loopback is open; anything not matched above is dropped
group default {
pass final on lo0 all
block all
}
There are no errors in rc.log:
[running /etc/rc.d/network]
Starting network.
Hostname: vorlon-netbsd.mudcovered.org.uk
IPv6 mode: host
Configuring network interfaces: wm0 wm1.
Adding interface aliases:.
Waiting for DAD completion for statically configured addresses...
[running /etc/rc.d/wpa_supplicant]
[running /etc/rc.d/dhclient]
[running /etc/rc.d/dhcpcd]
Starting dhcpcd.
[running /etc/rc.d/ldpd]
[running /etc/rc.d/npf]
Enabling NPF.
But at the end of the init process npfctl show reports:
# filtering: inactive
# config: loaded
Manually running /etc/rc.d/npf start AFTER start of day works. What do I
need to do to get this to work?
Mike
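Added example, not from the post above: a small post-boot check that parses the header npfctl show prints (the two "# filtering:" / "# config:" lines quoted in the post) and fails when the configuration is loaded but filtering is inactive, so the host does not silently sit unfiltered until someone notices. The sample output embedded below is constructed from the lines in the post; the function names npf_state and npf_check are my own, and the "unloaded" branch assumes any config value other than "loaded" means no config is loaded.

```shell
#!/bin/sh
# Added example (not from the original post): detect the "config loaded,
# filtering inactive" state described in the post from npfctl show output.

# npf_state: read "npfctl show" output on stdin and print one of
#   active | inactive | unloaded | unknown
# Field 3 of "# filtering: inactive" is the state word; same for "# config:".
npf_state() {
    awk '
        /^# filtering:/ { filtering = $3 }
        /^# config:/    { config = $3 }
        END {
            if (config == "loaded" && filtering == "active")        print "active"
            else if (config == "loaded" && filtering == "inactive") print "inactive"
            else if (config != "" && config != "loaded")            print "unloaded"
            else                                                    print "unknown"
        }'
}

# npf_check: return 0 only when filtering is active. Intended as a
# post-boot sanity check (for example from /etc/rc.local): a config that
# loaded but never started filtering is reported, not ignored.
npf_check() {
    state=$(npf_state)
    case "$state" in
        active)   return 0 ;;
        inactive) echo "NPF: config loaded but filtering is inactive" >&2; return 1 ;;
        *)        echo "NPF: state is $state" >&2; return 2 ;;
    esac
}

# Constructed samples: the first is exactly the state quoted in the post.
SAMPLE_INACTIVE='# filtering: inactive
# config: loaded'
SAMPLE_ACTIVE='# filtering: active
# config: loaded'

# On a live system the check is: npfctl show | npf_check
if printf '%s\n' "$SAMPLE_INACTIVE" | npf_check; then
    echo "filtering active"
else
    echo "filtering not active; the post reports that /etc/rc.d/npf start fixes this"
fi
```

Run from rc.local (or a cron job) the non-zero exit can be turned into a log line or an alert; the check deliberately treats "unknown" as a failure too, since an unparseable npfctl show header is not evidence that packets are being filtered.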