Flush States

Categories:

• Technical

Tags:

• States

This is a small option, with large impacts.

Recommended Settings

• On - for testing new sites
• Off - for any other regular sync

How OPNsense Reconfigures

By default, Synclias calls the “reconfigure aliases” on OPNsense.

This loads the new alias into the active ruleset and from then on new connections start to use them, no interruption to flowing traffic.

This is a perfectly good way to handle things, dropping estabilished connections can be problematic and costly in terms of time. Generally for firewall rules etc, most connections are new so it doesn’t matter.

Differences with Flush States - On

If a user has an established connection, (e.g connecting to a site from their desktop) that’ll be reused when the refresh their browser, it won’t definitely route down the new path when the user refreshes the page, which can lead to frustration and confusion

Therefore, forcing the connection to drop in this case is a better option

For auto-syncs that happen overnight, it’s very unlikely that a user will be browsing and need the “right now” application that Flush States brings.

However, for testing, it’s much more important.