diff --git a/config/jail.conf b/config/jail.conf
index 178a4c5f..ba5d365a 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -253,6 +253,14 @@ action  = pf
 logpath = /var/log/sshd.log
 maxretry= 5
 
+# ipfw for osx (less capabilities that BSD)
+[osx-ssh-ipfw]
+
+enabled = false
+filter = sshd
+action = osx-ipfw
+logpath = /var/log/secure.log
+
 #
 # HTTP servers
 #
@@ -532,9 +540,3 @@ bantime  = 604800  ; 1 week
 findtime = 86400   ; 1 day
 maxretry = 5
 
-[osx-ssh-ipfw]
-
-enabled = false
-filter = sshd
-action = osx-ipfw
-logpath = /var/log/secure.log