Save states across reboot?
-
I remember at some point having a BSD-based firewall that let you run a command at shutdown to save firewall/NAT states to a file and then load them back at system start. After a bit of googling, it looks like this was the old "ipf" firewall package, and specifically the "ipfs" command (https://smartos.org/man/1m/ipfs).
It appears pf dropped this capability - I don't see anything in the pfctl manpage to lock, save or load states. So long shot, any plans for pfsense to do something similar since you're working with a sort of fork of the official pf? I remember how nice it was to be able to keep my ssh sessions around over the course of an OS update, how cool would that be if one could start an update in pfsense and when the box finishes rebooting all your long-running connections are still there?
-
No plans that I'm aware of. If session integrity is that important you should setup HA using CARP+pfsync so the states are synchronized to a secondary node and then synchronized back when the first node recovers.
-
Unless your router can reboot in 24 seconds, you're probably going to have a large porting of your TCP connection timeout. Few protocols will except 100% loss during a reboot. Little benefit to saving states.