Hello
On Thu, Jan 04, 2024 at 12:14:20PM +0300, Alexander Okonnikov wrote:
> Regarding flushing/clearing states manually - I guess the goal of introducing
> '(intf)' was to make manual clearing unnecessary, hence, as a user, I expect
I think it never was a goal here. The dynamic interface helps
with the situation where the firewall needs to refer to an interface
whose IP address is not known at the time rules are loaded.
If the address changes later (which might be the case for some
broadband network end-points), the new sessions start to use
the new IP. The old sessions are supposed to just time out.
</snip>
>
> Regarding the issue - I haven't experienced it yet, I am just planning to use
> OpenBSD as my home Internet gateway. Currently I'm performing the PoC stage and
> analyzing what could be in real life. The shown behavior could happen in the presence
> of long-lived NAT sessions, once the external IP address has been changed.
>
OK, understood.
thanks and
regards
sashan