[fulafel]

If your prefix is always skipping, you have to complain to your ISP and meanwhile automate your network renumbering. Is there a reason you are not using the pfsense device to do routing and (put the cpe device to bridge mode)? Then you don't need to worry about your firewall not knowing about reboots, and the firewall rules will just work (assuming pfsense supports using prefix relative rules, vs hardcoding the prefix to all firewall rules...)

[magicalhippo]

The cable modem is a dumb bridge, and the pfSense is doing the routing (AFAIK). I can't see any way to do relative rules though, which is what makes it difficult. Maybe I'm missing something though.

[fulafel]

The manual seems to talk about host and network aliases, which might be what you want. Hopefully there are magic aliases for the interface networkts.

edit: https://docs.netgate.com/pfsense/en/latest/firewall/firewall... also talks about "LAN net" and "WAN net" aliases.