kc9udx All 6 CPUs on the RockPro64 were at idle and RAM usage was low.
So I assume you were able to normally reach the firewall within the LAN and that the device hadn't panicked?
kc9udx Removing and re-initialising the WAN interface didn't help.
Did you check if the firewall could ping anything outside before restarting network services? Are you using a static IP or dhcpcd on the WAN interface (in the latter case, did you also remember to restart dhcpcd?)
If you're on a home network (dynamic IP) and have configured NPF to forward packets from a given external IPv4/6 address (instead of using ifaddrs()), is it possible that the home router lost connection and reinitialized itself with a different IP?
Is the device configured as host DMZ on the router? Has it an internal fixed IP assigned?
What about DNS? Does your device also act as a local caching/forwarding name server? What about router DNS settings (where does it forward packets to [ISP's DNS I presume])?
As @Jay suggested, I would use tcpdump to inspect logs (implying you enabled logging on forwarding rules), traceroute to identify routing problems, systat ifstat to display network traffic statistics.
Inspect /var/log/messages, and/or attach a serial console to check for network interface related kernel errors (might be a bug in the driver, in which case it should be reported, or missing firmware).
Also, you may want to use netstat to check if you're being targeted for DDoS attacks, and possibly hit a bandwidth limit.