--- fwsync/patches/ip_fw2.patch	2022/06/22 13:01:55	1.1
+++ fwsync/patches/ip_fw2.patch	2022/08/19 09:41:25	1.5
@@ -1,14 +1,35 @@
 diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
-index 7b6cca68fd1..62995ba76be 100644
+index 99d3a9c58cb..0f9badd08a0 100644
 --- a/sys/netpfil/ipfw/ip_fw2.c
 +++ b/sys/netpfil/ipfw/ip_fw2.c
-@@ -186,6 +186,9 @@ ipfw_nat_cfg_t *ipfw_nat_del_ptr;
+@@ -186,6 +186,10 @@ ipfw_nat_cfg_t *ipfw_nat_del_ptr;
  ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr;
  ipfw_nat_cfg_t *ipfw_nat_get_log_ptr;
  
 +VNET_DEFINE(ipfw_hook_t, hook_state) = NULL;
-+VNET_DEFINE(ipfw_hook_t, hook_alias) = NULL;
++VNET_DEFINE(ipfw_hook_t, sync_state) = NULL;
++VNET_DEFINE(ipfw_hook_t, sync_alias) = NULL;
 +
  #ifdef SYSCTL_NODE
  uint32_t dummy_def = IPFW_DEFAULT_RULE;
  static int sysctl_ipfw_table_num(SYSCTL_HANDLER_ARGS);
+@@ -2866,6 +2870,9 @@ do {								\
+ 				if (cmd->opcode == O_CHECK_STATE)
+ 					l = 0;	/* exit inner loop */
+ 				match = 1;
++
++				if (cmd->opcode == O_CHECK_STATE && V_sync_state)
++					V_sync_state(NULL, NULL);
+ 				break;
+ 
+ 			case O_SKIP_ACTION:
+@@ -3200,6 +3207,9 @@ do {								\
+ 				 * non IPv4 packets. Libalias expects only IPv4.
+ 				 */
+ 				if (!is_ipv4 || !IPFW_NAT_LOADED) {
++					/* purge waiting aliases for sync */
++					if (V_sync_alias)
++						V_sync_alias(NULL, NULL);
+ 				    retval = IP_FW_DENY;
+ 				    break;
+ 				}