A search on this topic came up with a number of threads, but no resolution (that I saw offhand). I can induce this behavior myself by adding or deleting rules; this does not seem to cover all of the posted cases (it persists through the life of the session only). I really have one question: Are these dialogs scheduled for rewrite/revision? I don't see anything obvious in the roadmap; I didn't dig through github. I won't bother poking at them if they're going to be obsolete soon (or if I missed a resolution).
It's an issue with identification of firewall rules from the kernel between applies. We're tracking some rules by labels, but NAT rules don't have label support and some data comes from pftop which doesn't offer anything but index into current ruleset which may extrapolate from wrong data.
Without a OS redesign of these parts it's unlikely to get fixed. But I am not an enthusiast on those issues anymore. ;)
Cheers,
Franco
Grr. I figured it was a pf data availability issue. Thanks.