diff --git a/init.d/pfsense/zapret.sh b/init.d/pfsense/zapret.sh
index 2aa8998..9c434ac 100755
--- a/init.d/pfsense/zapret.sh
+++ b/init.d/pfsense/zapret.sh
@@ -6,11 +6,16 @@
 
 kldload ipfw
 kldload ipdivert
+
+# for older pfsense versions. newer do not have these sysctls
 sysctl net.inet.ip.pfil.outbound=ipfw,pf
 sysctl net.inet.ip.pfil.inbound=ipfw,pf
 sysctl net.inet6.ip6.pfil.outbound=ipfw,pf
 sysctl net.inet6.ip6.pfil.inbound=ipfw,pf
 
+# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state
+pfctl -d ; pfctl -e
+
 # add ipfw rules and start daemon
 
 ipfw delete 100