From 793f4bb04f1ff67c36519fc9f055fb8ae7a4be29 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Thu, 8 Sep 2022 21:50:19 +0300
Subject: [PATCH] pfsense init.d ipfw trick

---
 init.d/pfsense/zapret.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/init.d/pfsense/zapret.sh b/init.d/pfsense/zapret.sh
index 2aa8998..9c434ac 100755
--- a/init.d/pfsense/zapret.sh
+++ b/init.d/pfsense/zapret.sh
@@ -6,11 +6,16 @@
 
 kldload ipfw
 kldload ipdivert
+
+# for older pfsense versions. newer do not have these sysctls
 sysctl net.inet.ip.pfil.outbound=ipfw,pf
 sysctl net.inet.ip.pfil.inbound=ipfw,pf
 sysctl net.inet6.ip6.pfil.outbound=ipfw,pf
 sysctl net.inet6.ip6.pfil.inbound=ipfw,pf
 
+# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state
+pfctl -d ; pfctl -e
+
 # add ipfw rules and start daemon
 
 ipfw delete 100