Basically, I want this rule to stop all traffic to an iPad completely, but it's hit-or-miss on iMessages:
1. I have a rule to block an iPad to *Any which works for most apps and internet, but iMessages still goes through.
2. I next check the states for the iPad, delete them, iMessages then stops transmitting... cool.
3. I turn off the rule, everything transmits again.
4. I reactivate the block rule, back to step 1 :-[.
5. I deactivate the iPad's WiFi, then reactivate it. The rule works - iMessage is blocked :-\.
But why are the states getting locked in when the rule is deactivated then reactivated?
Because that's the system's behaviour. Any states remain even after reloading the rules. Try resetting the states manually. More info here: https://docs.opnsense.org/manual/firewall.html#states
If you are using a time schedule on that rule, those states are automatically cleared when the time comes. Info is at https://docs.opnsense.org/manual/firewall_settings.html#schedule-states
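The manual state reset discussed in this thread can also be scoped to the single blocked client from the firewall's shell. The script below is an added example, not part of the original posts; it assumes root access to the pf-based firewall, uses pfctl's `-k` option, and the address 192.0.2.10 is a constructed placeholder for the iPad.

```shell
#!/bin/sh
# Added example: clear pf states for one client after enabling a block rule,
# so existing connections stop matching the state table and hit the rule.
# Usage (as root on the firewall): DRY_RUN=1 ./clear-states.sh 192.0.2.10

# Accept only a dotted-quad IPv4 address so nothing else reaches pfctl.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the pfctl invocations that drop states in both directions.
kill_state_cmds() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    # States originating from the client.
    echo "pfctl -k $1"
    # States destined to the client (any source -> client).
    echo "pfctl -k 0.0.0.0/0 -k $1"
}

# Run the commands, or only show them when DRY_RUN=1.
clear_client_states() {
    cmds=$(kill_state_cmds "$1") || return 1
    echo "$cmds" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would run: $cmd"
        else
            $cmd
        fi
    done
}

# Only act when an address is given on the command line.
if [ $# -gt 0 ]; then
    clear_client_states "$1"
fi
```

Run it right after enabling the block rule; `pfctl -ss` lists the state table if you want to confirm no entries for the client remain.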