diff --git a/nfq/darkmagic.c b/nfq/darkmagic.c
index dcba3a2..0d4f25a 100644
--- a/nfq/darkmagic.c
+++ b/nfq/darkmagic.c
@@ -899,7 +899,12 @@ static int rawsend_socket_divert(sa_family_t family)
 // we either have to go to the link layer (its hard, possible problems arise, compat testing, ...) or use some HACKING
 // from my point of view disabling direct ability to send ip frames is not security. its SHIT
- int fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
+ int fd;
+#if __FreeBSD_version >= 1400066 && defined(PF_DIVERT)
+ fd = socket(PF_DIVERT, SOCK_RAW, 0);
+#else
+ fd = socket(family, SOCK_RAW, IPPROTO_DIVERT);
+#endif
 if (fd!=-1 && !set_socket_buffers(fd,4096,RAW_SNDBUF))
 {
 close(fd);
diff --git a/nfq/nfqws.c b/nfq/nfqws.c
index 8623fb0..6ea63d9 100644
--- a/nfq/nfqws.c
+++ b/nfq/nfqws.c
@@ -347,7 +347,11 @@ static int dvt_main()
 bp4.sin_addr.s_addr = INADDR_ANY;
 printf("creating divert4 socket\n");
+#if __FreeBSD_version >= 1400066 && defined(PF_DIVERT)
+ fd[0] = socket(PF_DIVERT, SOCK_RAW, 0);
+#else
 fd[0] = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
+#endif
 if (fd[0] == -1) {
 perror("socket (DIVERT4)");
 goto exiterr;
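Review bot: The new `#if __FreeBSD_version >= 1400066 && defined(PF_DIVERT)` guard only takes effect if `<sys/param.h>` (or `<osreldate.h>`) is included before it; an undefined `__FreeBSD_version` evaluates to 0 inside `#if`, so a missing include would silently compile the legacy `IPPROTO_DIVERT` call with no diagnostic. The include list is outside this hunk, so please confirm it; the same applies to the identical guard added to `dvt_main` in nfq/nfqws.c. In the PF_DIVERT branch the `family` argument is ignored, and a comment such as `// FreeBSD 14+: divert has its own domain (PF_DIVERT), family is not used here` would make that explicit for callers that pass AF_INET or AF_INET6. The body of rawsend_socket_divert continues past the end of the hunk.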
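Review bot: The version test and the constant 1400066 are now duplicated in two files, here in `dvt_main` and in `rawsend_socket_divert` in nfq/darkmagic.c, so any later change to the condition has to be made in both places. A single shared helper that wraps the conditional `socket()` call would let this site shrink to `fd[0] = socket_divert(AF_INET);` (the helper name is only a suggestion). Because the domain is chosen at compile time, a failure here is still reported only as `socket (DIVERT4)`; naming the attempted domain in the message would presumably make it easier to tell a missing divert facility from insufficient privileges. dvt_main starts and ends outside the hunk.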