Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.1183
diff -u -p -r1.1183 pf.c
--- pf.c 7 Jul 2023 08:05:02 -0000 1.1183
+++ pf.c 30 Jul 2023 06:58:33 -0000
@@ -4698,6 +4698,10 @@ pf_create_state(struct pf_pdesc *pd, str
 sni->sn->states++;
 }
+#if NPFSYNC > 0
+ pfsync_init_state(st, *skw, *sks, 0);
+#endif
+
 if (pf_state_insert(BOUND_IFACE(r, pd->kif), skw, sks, st)) {
 *sks = *skw = NULL;
 REASON_SET(&reason, PFRES_STATEINS);
Index: if_pfsync.c
===================================================================
RCS file: /cvs/src/sys/net/if_pfsync.c,v
retrieving revision 1.318
diff -u -p -r1.318 if_pfsync.c
--- if_pfsync.c 6 Jul 2023 04:55:05 -0000 1.318
+++ if_pfsync.c 30 Jul 2023 06:58:33 -0000
@@ -1676,11 +1676,14 @@ pfsync_init_state(struct pf_state *st, c
 }
 /* state came off the wire */
- if (ISSET(st->state_flags, PFSTATE_ACK)) {
- CLR(st->state_flags, PFSTATE_ACK);
-
- /* peer wants an iack, not an insert */
- st->sync_state = PFSYNC_S_SYNC;
+ if (ISSET(flags, PFSYNC_SI_PFSYNC)) {
+ if (ISSET(st->state_flags, PFSTATE_ACK)) {
+ CLR(st->state_flags, PFSTATE_ACK);
+
+ /* peer wants an iack, not an insert */
+ st->sync_state = PFSYNC_S_SYNC;
+ } else
+ st->sync_state = PFSYNC_S_PFSYNC;
 }
 }
@@ -1713,6 +1716,10 @@ pfsync_insert_state(struct pf_state *st)
 pfsync_q_ins(s, st, PFSYNC_S_IACK);
 pfsync_slice_sched(s); /* the peer is waiting */
 break;
+ case PFSYNC_S_PFSYNC:
+ /* state was just inserted by pfsync */
+ st->sync_state = PFSYNC_S_NONE;
+ break;
 default:
 panic("%s: state %p unexpected sync_state %d", __func__, st, st->sync_state);
@@ -2829,7 +2836,7 @@ pfsync_in_ins(struct pfsync_softc *sc,
 continue;
 }
- if (pf_state_import(sp, 0) == ENOMEM) {
+ if (pf_state_import(sp, PFSYNC_SI_PFSYNC) == ENOMEM) {
 /* drop out, but process the rest of the actions */
 break;
 }
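Review bot: The new call in pf_create_state (pf.c) passes a bare `0` as the flags argument and appears to rely on running before `pf_state_insert()`, and neither is explained at the call site. A one-line comment such as `/* locally created: no PFSYNC_SI_* flags; sync_state must be set before insert */` would record both. If `pf_state_insert()` fails on the next visible line, the state has already been through pfsync initialisation; the cleanup for that path is outside the hunk, so it is worth confirming that it does not depend on `sync_state`.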
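Review bot: In pfsync_init_state the context comment `/* state came off the wire */` is left above the new `if (ISSET(flags, PFSYNC_SI_PFSYNC))` test, but after this change the function is also reached for locally created states (pf.c now calls it with flags 0), so the comment no longer describes every path that gets here. Moving it inside the block, e.g. `/* state came off the wire from a pfsync peer */` as the first line under the `if`, keeps it accurate. The inner `} else` leaves its single statement unbraced while the `if` arm is braced; bracing both arms would make the PFSYNC_S_SYNC / PFSYNC_S_PFSYNC choice harder to misread in later edits. The function starts outside the hunk.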
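Review bot: In pfsync_in_ins the result of `pf_state_import(sp, PFSYNC_SI_PFSYNC)` is compared only with ENOMEM, so within the visible lines any other failure on a peer-supplied state is dropped without a trace, whereas pfsync_in_upd (the next hunk) bumps `pfsyncs_badstate` on every error. Counting rejects here as well gives operators a signal when a peer sends states that cannot be imported: keep the return value in a local and add `else if (error) pfsyncstat_inc(pfsyncs_badstate);` after the ENOMEM check. The loop body starts and ends outside the hunk, so a counter may already be bumped elsewhere; worth confirming.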
@@ -3009,7 +3016,7 @@ pfsync_in_upd(struct pfsync_softc *sc,
 if (st == NULL) {
 /* insert the update */
 PF_LOCK();
- error = pf_state_import(sp, 0);
+ error = pf_state_import(sp, PFSYNC_SI_PFSYNC);
 if (error)
 pfsyncstat_inc(pfsyncs_badstate);
 PF_UNLOCK();
Index: if_pfsync.h
===================================================================
RCS file: /cvs/src/sys/net/if_pfsync.h,v
retrieving revision 1.60
diff -u -p -r1.60 if_pfsync.h
--- if_pfsync.h 6 Jul 2023 04:55:05 -0000 1.60
+++ if_pfsync.h 30 Jul 2023 06:58:33 -0000
@@ -307,6 +307,7 @@ enum pfsync_counters {
 #define PFSYNC_S_NONE 0xd0
 #define PFSYNC_S_SYNC 0xd1
+#define PFSYNC_S_PFSYNC 0xd2
 #define PFSYNC_S_DEAD 0xde
 int pfsync_input4(struct mbuf **, int *, int, int);
@@ -316,6 +317,7 @@ int pfsync_sysctl(int *, u_int, void
 #define PFSYNC_SI_IOCTL 0x01
 #define PFSYNC_SI_CKSUM 0x02
 #define PFSYNC_SI_ACK 0x04
+#define PFSYNC_SI_PFSYNC 0x08
 int pfsync_state_import(struct pfsync_state *, int);
 void pfsync_state_export(struct pfsync_state *, struct pf_state *);
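Review bot: `PFSYNC_S_PFSYNC` is added to if_pfsync.h without a comment, although as used in if_pfsync.c it is only a transient marker: pfsync_init_state sets it for a state imported from a peer and pfsync_insert_state resets it to `PFSYNC_S_NONE`. A trailing comment such as `/* imported via pfsync; reset to PFSYNC_S_NONE on insert */` would record that for anyone adding another switch over `sync_state`. The same applies to `PFSYNC_SI_PFSYNC` in the following hunk, e.g. `/* state arrived in a pfsync packet */`. That flag sits next to the `pfsync_state_import` prototype while the callers in this diff pass it to `pf_state_import`, so the comment could also name the function that consumes it.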