diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
index 28fcf6d62..6d4a481dc 100644
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -214,10 +214,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 
         include("/var/etc/captiveportal-{$cpzone}-logout.html");
 
-    } else {
-        // TODO: remove? should be handled by login page
-        portal_reply_page($my_redirurl, "redir", "Just redirect the user.");
-    }
+    } 
 
     return $sessionid;
 }
@@ -230,10 +227,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 function captiveportal_init_rules($reinit = false) {
 
         $cpc = new OPNsense\CaptivePortal\CPClient();
-	if ($cpc->isEnabled()) {
-	    // load modules ( only if CP is enabled )
-	    captiveportal_load_modules();
-	}
         $cpc->reconfigure();
         unset($cpc);
 }
@@ -343,20 +336,11 @@ function captiveportal_load_modules() {
     mute_kernel_msgs();
     if (!is_module_loaded("ipfw.ko")) {
         mwexec("/sbin/kldload ipfw");
-        /* make sure ipfw is not on pfil hooks */
-        set_sysctl(array(
-            "net.inet.ip.pfil.inbound" => "pf", "net.inet6.ip6.pfil.inbound" => "pf",
-            "net.inet.ip.pfil.outbound" => "pf", "net.inet6.ip6.pfil.outbound" => "pf")
-        );
     }
-    /* Activate layer2 filtering */
-    set_sysctl(array("net.link.ether.ipfw" => "1", "net.inet.ip.fw.one_pass" => "1"));
-
     /* Always load dummynet now that even allowed ip and mac passthrough use it. */
     if (!is_module_loaded("dummynet.ko")) {
-        // TODO : enable dummynet when kernel issues are solved, dummynet currently disabled in the gui
-	//mwexec("/sbin/kldload dummynet");
-	//set_sysctl(array("net.inet.ip.dummynet.io_fast" => "1", "net.inet.ip.dummynet.hash_size" => "256"));
+	mwexec("/sbin/kldload dummynet");
+	set_sysctl(array("net.inet.ip.dummynet.io_fast" => "1", "net.inet.ip.dummynet.hash_size" => "256"));
     }
     unmute_kernel_msgs();
 }
@@ -367,6 +351,13 @@ function captiveportal_configure() {
     /* init ipfw rules */
     captiveportal_init_rules(true);
 
+    $cpc = new OPNsense\CaptivePortal\CPClient();
+    if ($cpc->isEnabled()) {
+        // load modules ( only if CP is enabled )
+        captiveportal_load_modules();
+	$cpc->reconfigure();
+    }
+
     if (is_array($config['captiveportal'])) {
         foreach ($config['captiveportal'] as $cpkey => $cp) {
             $cpzone = $cpkey;
@@ -519,10 +510,10 @@ EOD;
         /* start pruning process (interval defaults to 60 seconds) */
         mwexecf(
 		'/usr/local/bin/minicron %s %s %s %s',
-		 $croninterval,
+		 array($croninterval,
 		"/var/run/cp_prunedb_{$cpzone}.pid",
 		'/usr/local/etc/rc.prunecaptiveportal',
-		$cpzone
+		$cpzone)
 	);
 
         /* generate radius server database */
diff --git a/src/www/services_captiveportal.php b/src/www/services_captiveportal.php
index fb535b8a8..ee452a818 100644
--- a/src/www/services_captiveportal.php
+++ b/src/www/services_captiveportal.php
@@ -383,7 +383,7 @@ if ($_POST) {
 			$newcp['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
 
 		write_config();
-		captiveportal_configure_zone($newcp);
+		captiveportal_configure();
 		unset($newcp);
 		filter_configure();
 		header("Location: services_captiveportal_zones.php");
diff --git a/src/www/services_captiveportal_zones.php b/src/www/services_captiveportal_zones.php
index a041d1acb..84eac179c 100644
--- a/src/www/services_captiveportal_zones.php
+++ b/src/www/services_captiveportal_zones.php
@@ -43,7 +43,7 @@ if ($_GET['act'] == "del" && !empty($_GET['zone'])) {
 	if ($a_cp[$cpzone]) {
 		$cpzoneid = $a_cp[$cpzone]['zoneid'];
 		unset($a_cp[$cpzone]['enable']);
-		captiveportal_configure_zone($a_cp[$cpzone]);
+		captiveportal_configure();
 		unset($a_cp[$cpzone]);
 		if (isset($config['voucher'][$cpzone]))
 			unset($config['voucher'][$cpzone]);