Using: pfSense-Full-Update-1.2.3-20090407-0949.tgz.gz
The following is logged on syslog and in "Diagnostics: System logs: Firewall" when "Show raw filter logs" is enabled. If "Show raw filter logs" is disabled, the entry is only visible on the syslog server:
pf: 7. 969869 rule 204/8(ip-option): pass in on rl0: (tos 0x0, ttl 54, id 78, offset 0, flags [DF], proto TCP (6), length 313, options (EOL)) xx.xxx.xxx.xx.50039 > 192.168.123.29.61456: P 0:257(257) ack 1 win 33120 <nop,nop,timestamp 0 7120472>
The logging for this rule is not enabled:
<rule>
  <type>pass</type>
  <interface>wan</interface>
  <max-src-nodes/>
  <max-src-states/>
  <statetimeout/>
  <statetype>keep state</statetype>
  <os/>
  <protocol>tcp/udp</protocol>
  <source>
    <any/>
  </source>
  <destination>
    <address>192.168.123.29</address>
    <port>61456</port>
  </destination>
</rule>
I have not noticed this behaviour for other rules.
Besides this, thank you for this excellent firewall.
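
Added example, not part of the original post or of pfSense: a small Python parser for the raw filter log line format quoted above, which picks out entries logged for a reason other than an ordinary rule match (such as ip-option), so they can be found on a syslog server. The regular expression is derived only from the line in the post, and the sample lines and function names are constructed for illustration.

```python
import re

# Header layout taken from the one raw line quoted in the post; other
# pf/tcpdump builds may print it differently (assumption). IPv4 TCP/UDP only.
RAW_LINE = re.compile(
    r"pf:\s+\d+\.\s*\d+\s+"
    r"rule\s+(?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>[^)]+)\):\s+"
    r"(?P<action>pass|block)\s+(?P<dir>in|out)\s+on\s+(?P<iface>\S+?):\s+"
    r"\((?P<ip_header>.*?)\)\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+?):"
)

def split_host_port(endpoint):
    """'a.b.c.d.port' -> ('a.b.c.d', port); no port -> (endpoint, None)."""
    if endpoint.count(".") == 4:
        host, _, port = endpoint.rpartition(".")
        if port.isdigit():
            return host, int(port)
    return endpoint, None

def parse_raw_filter_line(line):
    """Return a dict of fields from one raw filter log line, or None."""
    m = RAW_LINE.search(line)
    if m is None:
        return None
    entry = m.groupdict()
    opts = re.search(r"options \(([^)]*)\)", entry.pop("ip_header"))
    entry["ip_options"] = opts.group(1).split(",") if opts else []
    entry["rule"] = int(entry["rule"])
    entry["src"], entry["src_port"] = split_host_port(entry["src"])
    entry["dst"], entry["dst_port"] = split_host_port(entry["dst"])
    return entry

def non_match_entries(lines):
    """Entries logged for a reason other than an ordinary rule match."""
    parsed = (parse_raw_filter_line(line) for line in lines)
    return [e for e in parsed if e and e["reason"] != "match"]

# Constructed sample lines modelled on the post (203.0.113.7 and
# 198.51.100.9 are documentation addresses, not values from the post).
SAMPLE = [
    "pf: 7. 969869 rule 204/8(ip-option): pass in on rl0: (tos 0x0, ttl 54, id 78, offset 0, flags [DF], proto TCP (6), length 313, options (EOL)) 203.0.113.7.50039 > 192.168.123.29.61456: P 0:257(257) ack 1 win 33120",
    "pf: 2. 386857 rule 70/0(match): block in on rl0: (tos 0x0, ttl 64, id 1234, offset 0, flags [DF], proto TCP (6), length 60) 198.51.100.9.40000 > 192.168.123.29.22: S 1:1(0) win 65535",
]

if __name__ == "__main__":
    for e in non_match_entries(SAMPLE):
        print(e["rule"], e["reason"], e["action"], e["dst"], e["dst_port"], e["ip_options"])
```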