--- fwsync/patches/ip_fw2.patch 2022/08/09 23:42:44 1.3
+++ fwsync/patches/ip_fw2.patch 2022/08/19 09:41:25 1.5
@@ -1,18 +1,19 @@
 diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
-index 99d3a9c58cb..18c5664871a 100644
+index 99d3a9c58cb..0f9badd08a0 100644
 --- a/sys/netpfil/ipfw/ip_fw2.c
 +++ b/sys/netpfil/ipfw/ip_fw2.c
-@@ -186,6 +186,9 @@ ipfw_nat_cfg_t *ipfw_nat_del_ptr;
+@@ -186,6 +186,10 @@ ipfw_nat_cfg_t *ipfw_nat_del_ptr;
  ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr;
  ipfw_nat_cfg_t *ipfw_nat_get_log_ptr;
  
 +VNET_DEFINE(ipfw_hook_t, hook_state) = NULL;
 +VNET_DEFINE(ipfw_hook_t, sync_state) = NULL;
++VNET_DEFINE(ipfw_hook_t, sync_alias) = NULL;
 +
  #ifdef SYSCTL_NODE
  uint32_t dummy_def = IPFW_DEFAULT_RULE;
  static int sysctl_ipfw_table_num(SYSCTL_HANDLER_ARGS);
-@@ -2866,6 +2869,9 @@ do { \
+@@ -2866,6 +2870,9 @@ do { \
  if (cmd->opcode == O_CHECK_STATE)
  l = 0; /* exit inner loop */
  match = 1;
@@ -22,3 +23,13 @@ index 99d3a9c58cb..18c5664871a 100644
  break;
  
  case O_SKIP_ACTION:
+@@ -3200,6 +3207,9 @@ do { \
+ * non IPv4 packets. Libalias expects only IPv4.
+ */
+ if (!is_ipv4 || !IPFW_NAT_LOADED) {
++ /* purge waiting aliases for sync */
++ if (V_sync_alias)
++ V_sync_alias(NULL, NULL);
+ retval = IP_FW_DENY;
+ break;
+ }
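Review bot: The new per-VNET hook `sync_alias` is defined beside `hook_state` and `sync_state` with no comment on who installs it, when it is cleared, or which lock covers those writes. Since the pointer is called from the packet path, that contract is what a reader needs to judge whether module unload is safe. I would add a comment above the three definitions such as `/* fwsync hooks: NULL until the fwsync module installs them; set and cleared only under <lock to be named> */`. The matching declaration and the `V_sync_alias` accessor are not in this hunk, so they presumably come from a header patch that should carry the same note.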
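Review bot: In the added `@@ -3200,6 +3207,9 @@` section, `if (V_sync_alias) V_sync_alias(NULL, NULL);` reads the hook pointer twice, so if it can be cleared concurrently (for example on module unload, which is not visible here) the call may go through NULL in kernel context. Reading it once closes that window: `ipfw_hook_t purge = V_sync_alias;` then `if (purge != NULL) purge(NULL, NULL);`, with the unload path synchronised against rule processing. The `(NULL, NULL)` call also overloads the hook as a "purge" signal, which should be stated in the hook's contract so every implementation tolerates NULL arguments. The purge runs only on the deny branch for non-IPv4 packets or when NAT is not loaded, so it is driven by traffic reaching this rule. The comment should say whether that is intended and what the purge costs. The enclosing case body starts and ends outside the hunk.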