From 717583c733ee94ea5a9e282a4312de770b5439c1 Mon Sep 17 00:00:00 2001 From: bol-van Date: Thu, 8 Sep 2022 21:46:02 +0300 Subject: [PATCH] bsd docs: newer pfsense ipfw trick --- docs/bsd.eng.md | 6 ++++++ docs/bsd.txt | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/docs/bsd.eng.md b/docs/bsd.eng.md index 03f865e..65e4420 100644 --- a/docs/bsd.eng.md +++ b/docs/bsd.eng.md @@ -192,14 +192,20 @@ Then it becomes possible to install all the required software including git to d kldload ipfw kldload ipdivert + +# for older pfsense versions. newer do not have these sysctls sysctl net.inet.ip.pfil.outbound=ipfw,pf sysctl net.inet.ip.pfil.inbound=ipfw,pf sysctl net.inet6.ip6.pfil.outbound=ipfw,pf sysctl net.inet6.ip6.pfil.inbound=ipfw,pf + ipfw delete 100 ipfw add 100 divert 989 tcp from any to any 80,443 out not diverted not sockarg xmit em0 pkill ^dvtws$ dvtws --daemon --port 989 --dpi-desync=split2 + +# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state +pfctl -d ; pfctl -e ``` I could not make tpws work from ipfw. Looks like there's some conflict between two firewalls. diff --git a/docs/bsd.txt b/docs/bsd.txt index b3a809b..f09c85f 100644 --- a/docs/bsd.txt +++ b/docs/bsd.txt @@ -192,14 +192,20 @@ ipset скрипты работают, крон есть. Можно сдела kldload ipfw kldload ipdivert + +# for older pfsense versions. newer do not have these sysctls sysctl net.inet.ip.pfil.outbound=ipfw,pf sysctl net.inet.ip.pfil.inbound=ipfw,pf sysctl net.inet6.ip6.pfil.outbound=ipfw,pf sysctl net.inet6.ip6.pfil.inbound=ipfw,pf + ipfw delete 100 ipfw add 100 divert 989 tcp from any to any 80,443 out not diverted not sockarg xmit em0 pkill ^dvtws$ dvtws --daemon --port 989 --dpi-desync=split2 + +# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state +pfctl -d ; pfctl -e ----------- Что касается tpws, то видимо имеется некоторый конфликт двух фаерволов, и правила fwd в ipfw не работают.
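Review bot: the last added line of the docs/bsd.eng.md hunk, `pfctl -d ; pfctl -e`, switches pf off and back on, but the comment above it only says the step is "required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state". Since pf is the packet filter pfSense relies on, the text should state that filtering is disabled between the two commands, so the reader knows what the step does before running it on a live gateway. The comment "for older pfsense versions. newer do not have these sysctls" would also be clearer if it named the version where the sysctls disappear, or said that the four `sysctl` lines can be skipped on 2.6.0.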
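Review bot: in the docs/bsd.txt hunk the two added comments, "# for older pfsense versions. newer do not have these sysctls" and "# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state", are in English while the text around the block in that file is Russian. Suggest writing them in Russian here and keeping the English wording only in docs/bsd.eng.md, so each file stays in one language.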