diff --git a/firewall/filter.go b/firewall/filter.go
index 7fd5afba..e5c4aa1e 100644
--- a/firewall/filter.go
+++ b/firewall/filter.go
@@ -2,19 +2,12 @@ package firewall
 
 import (
 	"github.com/safing/portbase/config"
-	"github.com/safing/portbase/log"
 	"github.com/safing/portbase/modules"
 	"github.com/safing/portbase/modules/subsystems"
 	_ "github.com/safing/portmaster/core"
-	"github.com/safing/portmaster/intel/filterlists"
 )
 
-var (
-	filterModule *modules.Module
-
-	unbreakFilterListIDs         = []string{"UNBREAK"}
-	resolvedUnbreakFilterListIDs []string
-)
+var filterModule *modules.Module
 
 func init() {
 	filterModule = modules.Register("filter", filterPrep, filterStart, nil, "core", "intel")
@@ -51,12 +44,5 @@ func filterPrep() (err error) {
 func filterStart() error {
 	getConfig()
 
-	// TODO: Re-resolve IDs when filterlist index changes.
-	resolvedIDs, err := filterlists.ResolveListIDs(unbreakFilterListIDs)
-	if err != nil {
-		log.Warningf("filter: failed to resolve unbreak filter list IDs: %s", err)
-	} else {
-		resolvedUnbreakFilterListIDs = resolvedIDs
-	}
 	return nil
 }
diff --git a/firewall/master.go b/firewall/master.go
index 67e4f491..21ce8229 100644
--- a/firewall/master.go
+++ b/firewall/master.go
@@ -8,6 +8,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/safing/portmaster/intel/filterlists"
+
 	"github.com/agext/levenshtein"
 	"golang.org/x/net/publicsuffix"
 
@@ -435,6 +437,7 @@ func checkFilterLists(ctx context.Context, conn *network.Connection, p *profile.
 	switch result {
 	case endpoints.Denied:
 		// If the connection matches a filter list, check if the "unbreak" list matches too and abort blocking.
+		resolvedUnbreakFilterListIDs := filterlists.GetUnbreakFilterListIDs()
 		for _, blockedListID := range conn.Entity.BlockedByLists {
 			for _, unbreakListID := range resolvedUnbreakFilterListIDs {
 				if blockedListID == unbreakListID {
diff --git a/intel/filterlists/index.go b/intel/filterlists/index.go
index f0c511e7..a7081805 100644
--- a/intel/filterlists/index.go
+++ b/intel/filterlists/index.go
@@ -196,8 +196,12 @@ func updateListIndex() error {
 				listIndexUpdate.Version(),
 			)
 		default:
-			log.Debug("filterlists: index is up to date")
 			// List is in cache and current, there is nothing to do.
+			log.Debug("filterlists: index is up to date")
+
+			// Update the unbreak filter list IDs on initial load.
+			updateUnbreakFilterListIDs()
+
 			return nil
 		}
 	case listIndexUpdate.UpgradeAvailable():
@@ -225,6 +229,9 @@ func updateListIndex() error {
 	}
 	log.Debugf("intel/filterlists: updated list index in cache to %s", index.Version)
 
+	// Update the unbreak filter list IDs after an update.
+	updateUnbreakFilterListIDs()
+
 	return nil
 }
 
@@ -252,3 +259,30 @@ func ResolveListIDs(ids []string) ([]string, error) {
 
 	return resolved, nil
 }
+
+var (
+	unbreakCategoryIDs = []string{"UNBREAK"}
+
+	unbreakIDs     []string
+	unbreakIDsLock sync.Mutex
+)
+
+// GetUnbreakFilterListIDs returns the resolved list of all unbreak filter lists.
+func GetUnbreakFilterListIDs() []string {
+	unbreakIDsLock.Lock()
+	defer unbreakIDsLock.Unlock()
+
+	return unbreakIDs
+}
+
+func updateUnbreakFilterListIDs() {
+	unbreakIDsLock.Lock()
+	defer unbreakIDsLock.Unlock()
+
+	resolvedIDs, err := ResolveListIDs(unbreakCategoryIDs)
+	if err != nil {
+		log.Warningf("filter: failed to resolve unbreak filter list IDs: %s", err)
+	} else {
+		unbreakIDs = resolvedIDs
+	}
+}