I have core2duo machine that I installed pfSense on. I quickly realized that after you assign interfaces and setup IPs nothing will work until you reboot.
The problem is that this is also true for firewall rules. I press that button to apply the settings/changes but I see that rules won't always apply until you reset the pfSense box.
I was trying out the tunnelbear and noticed that vpn stays active even if i uncheck all rules even the anti lockout rules.
With this kind of a bug how can pfSense even be a thing? Anybody having the same problem? Or am I doing something wrong?
Turning off all the rules means it will pass any traffic. Also, do you have a default allow rule? Remember that rules are parsed from top to bottom. Rules at the top are used first so if you allow traffic at the top but then deny it at the bottom the allow rule will take effect.
This might be getting "grandfathered" in because it was already an active connection when you removed the rules. You could test this with say ssh by not having any rules, verifying that you cannot ssh out, then make a rule allowing you to ssh out, ssh out, leave that connection open, kill the rule, verify that your existing connection is still alive, and seeing if you can open a new ssh session.
Honestly, I don't have much experience with "proper" firewalls. But I would expect that a firewall manufacturer would shy away from killing open connections. It would be difficult for companies to get work done if a firewall killed all open connections every time a rule was created, changed, or removed. Killing specific connections based on a rule that was being removed would seem like a good idea, but also would require a certain amount of extra logic (surface area) in the code, while also not taking into account that there may be circumstances where a firewall admin may not want the connections terminated.
Sounds to me like you are having some other issue. The firewall rules should be active as soon you apply them and they reload. I've been using pfsense for a couple years and this has always been the case. I use PIA as my vpn provider. Their setup guide for pfsense worked perfectly. I have firewall rules for certain ip's (Netflix & Hulu) to bypass the vpn and they work immediately after enabling or disabling and applying the changes.
Don't delete all the firewall rules because as you say the default action is to block traffic, you will lock yourself out and have to reset it. So leave atleast a rule in lan to access the webui.
Anyway, when you change the firewall rules it also helps to reset the state table as anything currently in the state table won't be affected by rule changes until the state expires.