diff --git a/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml b/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
index 232fe03ad..afff86ea8 100644
--- a/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
@@ -146,6 +146,8 @@
ipv6
udp
tcp
+ tcp (ACK packets only)
+ tcp (non-ACK packages)
icmp
igmp
esp
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
index 2d579bdd6..f6bc3e93e 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -154,20 +154,25 @@ add 60000 return via any
{% if rule.interface2 and helpers.getNodeByTag('interfaces.'+rule.interface2) %}
{# 2 interface defined, use both to match packets (2 rules) #}
add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
- helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
+ helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} recv {{
- helpers.getNodeByTag('interfaces.'+rule.interface).if }} xmit {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
+ helpers.getNodeByTag('interfaces.'+rule.interface).if }} {%
+ if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif
+ %} xmit {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
}}
add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
- helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
+ helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} xmit {{
- helpers.getNodeByTag('interfaces.'+rule.interface).if }} recv {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
+ helpers.getNodeByTag('interfaces.'+rule.interface).if }} {%
+ if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif
+ %} recv {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
}}
{% else %}
{# normal, single interface situation #}
add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
- helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
- }} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} via {{
+ helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
+ }} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} {%
+ if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif %} via {{
helpers.getNodeByTag('interfaces.'+rule.interface).if
}}
{% endif %}