[False alarm - ignore] Firewall pass/block/reject & live view or logging issue

[elektroinside]

For the purpose of this test, I set up 5 URL IP table aliases (which is the blocklist) and one "Host(s)" alias containing 4 FQDNs which have static public IPs (which is the whitelist).
The URL Table (IPs) lists are a mixed content of 145.146 IPs and subnets (with a grand total of 657.109.432 unique IPs - that's a lot, I know, moving forward).
The rules are all "quick" floating, blocking all 657.109.432 unique IPs from any direction on the WAN, except the whitelist, as I am allowing anything from any direction from those 4 FQDNS.

Then I start to edit some rules, apply -> reloading of rules starts in the background, in the meantime, I start editing yet another rule -> another reloading starts in the background and so forth.

Then I go to the live firewall view to check how things are settling. I get to see a bunch of logs, allowed traffic coming from and to my whitelist FQDNs, but the thing is the IPs listed there do not match with my whitelisted FQDNs. So the firewall is (theoretically) allowing traffic from and to IPs which are not on the whitelist or at least this is how it reports it does. Like stuff are getting mixed up, blocked with allowed, allowed with blocked.

This is bad. Maybe it has something to do with those huge aliases, the editing of rules and quickly applying them, or the parallel reloading of rules in the background (? assumption). If so, probably a limit should be applied to allow only one reload of rules at a time?

Did anybody notice this?

If I reboot and do not edit/apply anything, no strange stuff happens on my box, at least right after the reboot.

[elektroinside]

OK, ignore this. I had a DDNS service active on my phone, which FQDN was one of the items in the whitelist. When connected to my local wifi, it updated the FQDN with my WAN's IP -> nullified all my rules. The firewall and reporting works perfectly fine