diff --git a/sbin/ipfw/ipfw.c b/sbin/ipfw/ipfw.c
index 1923efdbbd27..d24280a3c3e1 100644
--- a/sbin/ipfw/ipfw.c
+++ b/sbin/ipfw/ipfw.c
@@ -2131,11 +2131,11 @@ badviacombo:
 		rule.fw_loghighest = rule.fw_logamount;
 	}
 done:
+	i = sizeof(rule);
+	if (getsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, &i) == -1)
+		err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_ADD");
 	if (!do_quiet)
 		show_ipfw(&rule, 10, 10);
-	i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
-	if (i)
-		err(EX_UNAVAILABLE, "setsockopt(%s)", "IP_FW_ADD");
 }
 
 static void
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index e81b1593c230..e15689546916 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -1512,7 +1512,7 @@ add_entry(struct ip_fw_head *chainptr, struct ip_fw *frwl)
 		}
 		if (nbr < IPFW_DEFAULT_RULE - 100)
 			nbr += 100;
-		ftmp->fw_number = nbr;
+		ftmp->fw_number = frwl->fw_number = nbr;
 	}
 
 	/* Got a valid number; now insert it, keeping the list ordered */
@@ -1928,6 +1928,8 @@ ip_fw_ctl(struct sockopt *sopt)
 			error = EINVAL;
 		} else {
 			error = add_entry(&ip_fw_chain, &frwl);
+			if (!error && sopt->sopt_dir == SOPT_GET)
+				error = sooptcopyout(sopt, &frwl, sizeof frwl);
 		}
 		break;
 
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 5d056cefadf6..554478231997 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -259,6 +259,7 @@ rip_ctloutput(so, sopt)
 			error = sooptcopyout(sopt, &optval, sizeof optval);
 			break;
 
+		case IP_FW_ADD:
 		case IP_FW_GET:
 			if (ip_fw_ctl_ptr == 0)
 				error = ENOPROTOOPT;