Messages - Majx

#1
I can confirm almost the exact same behavior on my end.

The issue is that when a connection state already exists before the killswitch rule is enabled, traffic continues to follow the previously created state. As a result, the killswitch rule is bypassed until those states are cleared. Manually clearing the relevant states forces the firewall to create new ones that will then be evaluated and blocked by the killswitch rule as intended.

The larger problem is that you need to clear all connection states for hosts in the subnet (10.0.10.0/24). Doing so will kill all active connections (gaming, downloads, streaming, etc.), since every existing state for that subnet will be dropped, which is very bad.

The alternative would be to disable state tracking completely, but that will result in reduced performance (and might break other features?).

The most reliable solution is still to clear the states, even though it will impact the entire 10.0.10.0/24 network. Fortunately, this state reset is typically required only once (when you first apply the killswitch rule). VPN clients (PC or mobile) do the same thing on connection; the difference is that they affect only a single device rather than the whole subnet.
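The one-time state reset described in the post above, as an added example (written by the editor, not code from Majx or from the OPNsense/pfSense projects): a small POSIX sh script for pf that first counts how many IPv4 states in `pfctl -ss` reference the subnet, so you can see what the killswitch rule is currently bypassed by, and then kills those states in both directions with `pfctl -k`. The `pfctl -ss` line layout it parses (`all tcp 10.0.10.5:51234 -> 93.184.216.34:443 ESTABLISHED:ESTABLISHED`, NAT-translated addresses in parentheses) and the `PFCTL` override variable are assumptions made here for illustration; run it as root on the firewall itself.

```shell
#!/bin/sh
# Added example for the killswitch state-reset problem: pf evaluates rules only
# when a state is created, so states opened before the killswitch rule existed
# keep flowing until they are cleared. Everything here assumes pf's pfctl(8).
# PFCTL is a hypothetical override (defaults to pfctl) so the functions can be
# exercised against a stub; on a real firewall leave it unset.

# Count states whose source or destination IPv4 address lies in the given
# CIDR subnet. Parses the (assumed) `pfctl -ss` format; IPv6 states are ignored.
count_subnet_states() {
    net=${1%/*}
    bits=${1#*/}
    "${PFCTL:-pfctl}" -ss | awk -v net="$net" -v bits="$bits" '
        function ip2n(s,  a) {
            split(s, a, ".")
            return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
        }
        # Integer division by 2^(32-bits) compares only the network prefix,
        # which avoids bitwise operators that POSIX awk does not have.
        BEGIN { div = 2 ^ (32 - bits); want = int(ip2n(net) / div) }
        {
            hit = 0
            for (i = 1; i <= NF; i++) {
                f = $i
                gsub(/[()]/, "", f)       # NAT shows the original address as "(addr:port)"
                sub(/:[0-9]+$/, "", f)    # drop the port
                if (f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && int(ip2n(f) / div) == want)
                    hit = 1
            }
            if (hit) n++
        }
        END { print n + 0 }'
}

# Kill every state touching the subnet. A single -k argument matches states
# originating from that network; with two -k arguments pfctl treats the first
# as source and the second as destination, so the second call catches states
# that were opened towards the subnet. This drops all live connections
# (gaming, downloads, streaming) for every host in the subnet, which is exactly
# the cost the post describes, so it is meant to be run once, right after the
# killswitch rule is enabled.
clear_subnet_states() {
    "${PFCTL:-pfctl}" -k "$1"
    "${PFCTL:-pfctl}" -k 0.0.0.0/0 -k "$1"
}

# Stand-alone use: SUBNET=10.0.10.0/24 sh killswitch_states.sh
# Prints the number of bypassing states before and after the reset.
if [ -n "${SUBNET:-}" ]; then
    echo "states referencing $SUBNET before reset: $(count_subnet_states "$SUBNET")"
    clear_subnet_states "$SUBNET"
    echo "states referencing $SUBNET after reset:  $(count_subnet_states "$SUBNET")"
fi
```

After the reset, new connections from the subnet create fresh states that are evaluated against the rule set with the killswitch rule in place, so the count printed after the reset should stay at zero for as long as the VPN is down and the rule is active; a non-zero count at that point means something other than stale states is letting traffic through.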