My personal take would be to leave the Sonicwall as a standard firewall, put the web and mail servers on non-internet IPs and forward the relevant ports only.
Find the offending device and give it a valid IP address ;D
Seriously - you can't "fix" this at the pfSense end - you've got to deal with the source of the packet that pfSense is receiving. The only way to do that is track down the offending box and correct the IP configuration.
Would PFsense 1.01 work better on the soekris with atheros cards? I'm just looking for a little platform that will push 16mbits to the wireless card. No FW rules or anything. What do you think?
Anyway, I managed to do what I needed to (install/assign another NIC) via the GUI (temporary blindness stopped me the first time) and it seems to run OK.
FYI
pfSense version 1.0.1
lightsquid 1.7.1
ntop 3.2_2
squid 2.6.5_1-p15
Plug one of the switch ports on the Linksys into the OPT port on pfsense, which will just bridge the wireless over to pfsense. setup a private subnet on that OPT interface with DHCP and it'll automatically NAT out your WAN IP.
But Yes.. NO Bios updates, no hardware changes it just happened. I been itching to go to version 1.2 RC1 so I figured it would be a good time. Only change but that was after the error.
However, I am not using the VLAN's in PFSense (a 3Com switch manages those upstream, and then routes the traffic to the internet or to the PFS if it's going to one of our protected servers).