diff --git a/binaries/freebsd-x64/dvtws b/binaries/freebsd-x64/dvtws
index e460b08..4313431 100755
Binary files a/binaries/freebsd-x64/dvtws and b/binaries/freebsd-x64/dvtws differ
diff --git a/nfq/darkmagic.c b/nfq/darkmagic.c
index 72df4ad..6db6e14 100644
--- a/nfq/darkmagic.c
+++ b/nfq/darkmagic.c
@@ -903,7 +903,7 @@ static int *rawsend_family_sock(sa_family_t family)
 }
 
 #ifdef BSD
-static int rawsend_socket_divert(sa_family_t family)
+int rawsend_socket_divert(sa_family_t family)
 {
 	// HACK HACK HACK HACK HACK HACK HACK HACK
 	// FreeBSD doesnt allow IP_HDRINCL for IPV6
@@ -911,7 +911,14 @@ static int rawsend_socket_divert(sa_family_t family)
 	// we either have to go to the link layer (its hard, possible problems arise, compat testing, ...) or use some HACKING
 	// from my point of view disabling direct ability to send ip frames is not security. its SHIT
 
-	int fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
+	int fd,err;
+
+	// freebsd14+ way
+	fd = socket(PF_DIVERT, SOCK_RAW, 0);
+	err=errno;
+	if (fd==-1 && (err==EPROTONOSUPPORT || err==EAFNOSUPPORT || err==EPFNOSUPPORT))
+		// legacy way
+		fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
 	if (fd!=-1 && !set_socket_buffers(fd,4096,RAW_SNDBUF))
 	{
 		close(fd);
diff --git a/nfq/darkmagic.h b/nfq/darkmagic.h
index 06c9eaf..5b1ce3a 100644
--- a/nfq/darkmagic.h
+++ b/nfq/darkmagic.h
@@ -11,6 +11,17 @@
 #include 
 #include 
 
+#ifndef IPPROTO_DIVERT
+#define IPPROTO_DIVERT 258
+#endif
+
+#ifndef AF_DIVERT
+#define AF_DIVERT 44 /* divert(4) */
+#endif
+#ifndef PF_DIVERT
+#define PF_DIVERT AF_DIVERT
+#endif
+
 // returns netorder value
 uint32_t net32_add(uint32_t netorder_value, uint32_t cpuorder_increment);
 uint32_t net16_add(uint16_t netorder_value, uint16_t cpuorder_increment);
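Review bot: The `family` argument is silently ignored whenever the new `socket(PF_DIVERT, SOCK_RAW, 0)` call succeeds, so the two callers that ask for AF_INET and AF_INET6 both receive the same kind of family-agnostic socket; the contract should say so, e.g. above the first socket() call add `// PF_DIVERT (FreeBSD 14+) sockets are not tied to an address family; 'family' is only used by the legacy IPPROTO_DIVERT fallback`. The `err` copy is also taken when fd is valid, and the fallback is an unbraced statement separated from its `if` by a comment, which is easy to misread; `if (fd==-1 && (errno==EPROTONOSUPPORT || errno==EAFNOSUPPORT || errno==EPFNOSUPPORT)) { /* legacy way */ fd = socket(family, SOCK_RAW, IPPROTO_DIVERT); }` keeps the same behaviour without the extra local, since nothing between socket() and the test touches errno. The definition stays under `#ifdef BSD` while the prototype added to darkmagic.h is unconditional, so a non-BSD caller would only be caught at link time. rawsend_socket_divert's body continues outside the hunk.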
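Review bot: The fallback `#define AF_DIVERT 44` lives unconditionally in a shared header, so on any platform whose system headers lack AF_DIVERT the literal 44 is handed to socket() as whatever family that kernel assigns to the number; on Linux, 44 is AF_XDP, which also accepts SOCK_RAW with protocol 0. Today the only consumer is compiled under `#ifdef BSD` in darkmagic.c, so this is latent, but scoping the fallback, e.g. `#if defined(__FreeBSD__) && !defined(AF_DIVERT)`, or extending the trailing comment to `/* FreeBSD 14+ divert(4) family; value is FreeBSD-specific, do not use on other platforms */` would keep it from being picked up elsewhere. The same reasoning applies to the PF_DIVERT alias directly below it.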
@@ -128,6 +139,8 @@ bool rawsend_preinit(bool bind_fix4, bool bind_fix6);
 // cleans up socket autocreated by rawsend
 void rawsend_cleanup(void);
 
+int rawsend_socket_divert(sa_family_t family);
+
 const char *proto_name(uint8_t proto);
 uint16_t family_from_proto(uint8_t l3proto);
 void print_ip(const struct ip *ip);
diff --git a/nfq/nfqws.c b/nfq/nfqws.c
index 25ad80f..f1210ef 100644
--- a/nfq/nfqws.c
+++ b/nfq/nfqws.c
@@ -35,10 +35,6 @@
 #define NF_ACCEPT 1
 #endif
 
-#ifndef IPPROTO_DIVERT
-#define IPPROTO_DIVERT 258
-#endif
-
 #define CTRACK_T_SYN 60
 #define CTRACK_T_FIN 60
 #define CTRACK_T_EST 300
@@ -357,7 +353,7 @@ static int dvt_main(void)
 	bp4.sin_addr.s_addr = INADDR_ANY;
 	printf("creating divert4 socket\n");
-	fd[0] = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
+	fd[0] = rawsend_socket_divert(AF_INET);
 	if (fd[0] == -1)
 	{
 		perror("socket (DIVERT4)");
 		goto exiterr;
@@ -382,7 +378,7 @@ static int dvt_main(void)
 	bp6.sin6_port = htons(params.port);
 	printf("creating divert6 socket\n");
-	fd[1] = socket(AF_INET6, SOCK_RAW, IPPROTO_DIVERT);
+	fd[1] = rawsend_socket_divert(AF_INET6);
 	if (fd[1] == -1)
 	{
 		perror("socket (DIVERT6)");
 		goto exiterr;
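Review bot: After the switch to `rawsend_socket_divert(AF_INET)` here and `rawsend_socket_divert(AF_INET6)` in the following hunk, `perror("socket (DIVERT4)")` no longer tells the operator which of the two socket() attempts inside the helper produced the errno it prints, and on the FreeBSD 14+ path the family argument does not influence the socket that comes back. Whether such a PF_DIVERT socket accepts the later `bind` with the `bp6` sockaddr_in6 (those bind calls sit outside this hunk) is worth confirming on a 14.x host; if it does not, the divert6 setup fails at bind rather than at creation, with a less obvious message. A one-line comment at each call, e.g. `// may return a family-agnostic PF_DIVERT socket on FreeBSD 14+; see rawsend_socket_divert`, would make the changed semantics visible to the next reader. dvt_main starts and ends outside the hunk.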