Hello

On Thu, Jan 04, 2024 at 12:14:20PM +0300, Alexander Okonnikov wrote:
> Regarding flushing/clearing states manually - I guess the goal of introducing
> '(intf)' was to make manual clearing unnecessary, hence, as a user, I expect

I think it never was a goal here. The dynamic interface helps with the
situation where the firewall needs to refer to an interface whose IP address
is not known at the time rules are loaded. If the address changes later (which
might be the case for some broadband network end-points), the new sessions
start to use the new IP. The old sessions are supposed to just time out.

</snip>
>
> Regarding the issue - I didn't experience it yet, I am just planning to use
> OpenBSD as my home Internet gateway. Currently I'm performing PoC stage and
> analyze what could be in real life. Shown behavior could happen in presence
> of long-lived NAT sessions, once external IP address has been changed.
>

OK, understood.

Thanks and regards
sashan