diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
index bb57a6967..d7d6630f8 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
@@ -244,6 +244,9 @@ class FilterRule extends Rule
 $rule['state']['options'][] = "max-src-conn-rate " . $rule['max-src-conn-rate'] . " " . "/" . $rule['max-src-conn-rates'] . ", overload <{$otbl}> flush global ";
 }
+ if (!empty($rule['state-policy'])) {
+ $rule['state']['options'][] = $rule['state-policy'];
+ }
 }
 }
 // icmp-type switch (ipv4/ipv6)
diff --git a/src/www/firewall_rules_edit.php b/src/www/firewall_rules_edit.php
index 050e0212d..1227da9a9 100644
--- a/src/www/firewall_rules_edit.php
+++ b/src/www/firewall_rules_edit.php
@@ -49,7 +49,7 @@ $gateways = new \OPNsense\Routing\Gateways();
 function FormSetAdvancedOptions(&$item) { foreach (array("max", "max-src-nodes", "max-src-conn", "max-src-states","nopfsync", "statetimeout", "adaptivestart" , "adaptiveend", "max-src-conn-rate","max-src-conn-rates", "tag", "tagged", "allowopts", "reply-to","tcpflags1"
- ,"tcpflags2", "tos") as $fieldname) {
+ ,"tcpflags2", "tos", "state-policy") as $fieldname) {
 if (strlen($item[$fieldname]) > 0) {
 return true;
@@ -126,6 +126,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 'set-prio-low',
 'statetimeout',
 'statetype',
+ 'state-policy',
 'tag',
 'tagged',
 'tcpflags1',
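Review bot: The new block in FilterRule appends `$rule['state-policy']` to the pf state options verbatim, with no check that it is one of the two values the form validator accepts; the only allow-list is in firewall_rules_edit.php, which presumably does not cover rules that reach config.xml by other routes (backup restore, API, scripted edits). Because this string is emitted straight into the generated pf ruleset, the emitter should carry the same defensive check: `if (!empty($rule['state-policy']) && in_array($rule['state-policy'], ['if-bound', 'floating'], true)) {`. An unexpected value would then be dropped rather than producing a ruleset pf refuses to load; if the project prefers to fail loudly, an else branch logging the rejected value would do. The enclosing method starts and ends outside this hunk.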
@@ -421,6 +422,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $input_errors[] = gettext("Both maximum new connections per host and the interval (per second(s)) must be specified");
 }
+ if (!empty($pconfig['state-policy']) && !in_array($pconfig['state-policy'], ['if-bound', 'floating'])) {
+ $input_errors[] = sprintf(gettext("Invalid state policy type %s"), $pconfig['state-policy']);
+ }
+
 if (empty($pconfig['max']) && ($pconfig['adaptivestart'] === "0" || $pconfig['adaptiveend'] === "0")) {
 $input_errors[] = gettext("Disabling adaptive timeouts is only supported in combination with a configured maximum number of states for the same rule.");
 } elseif ($pconfig['adaptivestart'] === "0" xor $pconfig['adaptiveend'] === "0") {
@@ -467,7 +472,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 // 1-on-1 copy of form values
 $copy_fields = array('type', 'interface', 'ipprotocol', 'tag', 'tagged', 'max', 'max-src-nodes' , 'max-src-conn', 'max-src-states', 'statetimeout', 'statetype', 'os', 'descr', 'gateway'
- , 'sched', 'associated-rule-id', 'direction'
+ , 'sched', 'associated-rule-id', 'direction', 'state-policy'
 , 'max-src-conn-rate', 'max-src-conn-rates', 'category')
 ;
@@ -1716,6 +1721,30 @@ endforeach;?>
+
+
+
+
+
+
+
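Review bot: The allow-list check in the new validation block uses loose `in_array`, so membership is decided with `==`; pass the strict flag, `!in_array($pconfig['state-policy'], ['if-bound', 'floating'], true)`, which also stops a non-string value from a tampered POST (`state-policy[]=`) from being coerced during the comparison. The error message interpolates the raw submitted value through `%s`; whether that is HTML-escaped depends on how `$input_errors` is rendered, which is outside this hunk, so worth confirming before this lands. The same two literals are the contract that FilterRule.php later emits into pf, so a shared constant for the allowed values would keep the validator and the rule generator from drifting apart. The enclosing validation block starts and ends outside this hunk.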