From 5885b5411db7b36a4e9ac8afd5bd557aa2fb4e56 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sun, 27 Sep 2015 17:39:10 +0000
Subject: [PATCH] (trafficshaper) unload ipfw rules when all ipfw rules should
 be disabled, closes https://github.com/opnsense/core/issues/407

---
 src/etc/rc.ipfw.postload                      | 32 +++++++++++++++++++
 .../service/conf/actions.d/actions_ipfw.conf  |  2 +-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100755 src/etc/rc.ipfw.postload

diff --git a/src/etc/rc.ipfw.postload b/src/etc/rc.ipfw.postload
new file mode 100755
index 00000000000..b14bbf8fb47
--- /dev/null
+++ b/src/etc/rc.ipfw.postload
@@ -0,0 +1,32 @@
+#!/bin/sh
+#    Copyright (c) 2015 Deciso B.V.
+#    All rights reserved.
+#
+#    Redistribution and use in source and binary forms, with or without
+#    modification, are permitted provided that the following conditions are met:
+#
+#    1. Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#
+#    2. Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in the
+#     documentation and/or other materials provided with the distribution.
+#
+#    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+#    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+#    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+#    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+#    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+#    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+#    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+#    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+#    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+#    POSSIBILITY OF SUCH DAMAGE.
+
+#    flush ipfw rules when ipfw is not active anymore, avoid administrative down and still having rules loaded
+
+. /etc/rc.conf.d/ipfw
+
+if [ "$firewall_enable" != "YES" ]; then
+	/sbin/ipfw -f flush
+fi
diff --git a/src/opnsense/service/conf/actions.d/actions_ipfw.conf b/src/opnsense/service/conf/actions.d/actions_ipfw.conf
index 147b21a0f1e..5ac65e3fc1e 100644
--- a/src/opnsense/service/conf/actions.d/actions_ipfw.conf
+++ b/src/opnsense/service/conf/actions.d/actions_ipfw.conf
@@ -1,5 +1,5 @@
 [reload]
-command:/etc/rc.d/ipfw start
+command:/etc/rc.d/ipfw start; /usr/local/etc/rc.ipfw.postload
 parameters:
 type:script
 message:restarting ipfw