(trafficshaper) unload ipfw rules when all ipfw rules should be disabled, closes https://github.com/opnsense/core/issues/407

src/etc/rc.ipfw.postload

@@ -0,0 +1,32 @@
+#!/bin/sh
+#    Copyright (c) 2015 Deciso B.V.
+#    All rights reserved.
+#
+#    Redistribution and use in source and binary forms, with or without
+#    modification, are permitted provided that the following conditions are met:
+#
+#    1. Redistributions of source code must retain the above copyright notice,
+#     this list of conditions and the following disclaimer.
+#
+#    2. Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in the
+#     documentation and/or other materials provided with the distribution.
+#
+#    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+#    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+#    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+#    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+#    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+#    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+#    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+#    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+#    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+#    POSSIBILITY OF SUCH DAMAGE.
+
+#    flush ipfw rules when ipfw is not active anymore, avoid administrative down and still having rules loaded
+
+. /etc/rc.conf.d/ipfw
+
+if [ "$firewall_enable" != "YES" ]; then
+	/sbin/ipfw -f flush
+fi

src/opnsense/service/conf/actions.d/actions_ipfw.conf

@@ -1,5 +1,5 @@
 [reload]
-command:/etc/rc.d/ipfw start
+command:/etc/rc.d/ipfw start; /usr/local/etc/rc.ipfw.postload
 parameters:
 type:script
 message:restarting ipfw