On NetBSD 2.0 and newer PF is available as a loadable kernel module, installed via packages as pkgsrc/security/pflkm or compiled into a static kernel configuration. In NetBSD 3.0 onwards, PF is part of the base system.
If you want to enable PF in your kernel configuration (rather than loading the kernel module), you add these lines to your kernel configuration:
pseudo-device pf # PF packet filter pseudo-device pflog # PF log interface
In /etc/rc.conf you need the lines
lkm="YES" # do load kernel modules pf=YES pflogd=YES
to enable loadable kernel modules, PF and the PF log interface, respectively.
If you installed the module, you load it with NetBSD$ sudo modload /usr/lkm/pf.o, followed by NetBSD$ sudo pfctl -e to enable PF. Alternatively, you can run the rc scripts, NetBSD$ sudo /etc/rc.d/pf start to enable PF and NetBSD$ sudo /etc/rc.d/pflogd start to enable the logging.
To load the module automatically at startup, add the following line to /etc/lkm.conf:
/usr/lkm/pf.o - - - - AFTERMOUNT
If it's still all correct at this point, you are ready to create your first PF rule set.