FIN/RST packets blocked
I hope this isn't a silly question, but I didn't find out by myself and it might be a piece of cake for somebody more experienced with pfSense:
Looking in the firewall log I see that all TCP:FA or TCP:RA packets are blocked. I don't find any setting or rule to do so and honestly, I don't see a reason to block packets which (to my understanding) just terminate an existing TCP connection. I don't consider this as an issue but I'd appreciate if anybody could enlighten me… and I'd like to get rid of the logging entries!
I don't think this is important, but just for the records: 2.0.1-RELEASE (i386) / FreeBSD 8.1-RELEASE-p6
Probably this: http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
Most likely, the connections were already allowed, but the states were removed, and then after the states were removed, another packet came through. Especially common if transparent squid is involved.
When 2.1 is released you will be able to not log those leftover packets from a previous connection by blocking the TCP packets with certain TCP Options set right at the beginning of your rule base. This was not possible until a recent change was made on a 2.1 RC snapshot.
Note the above discussion blocks without logging the leftover FIN/ACK packets. If you want to also not log the FIN/RST packets you would need to create another rule but with the TCP flags settings changed to TCP Flags: SET:FIN,RST OUTOF:FIN,SYN,RST,ACK,URG.
Before the latest snapshot of 2.1 a week or two ago you could not set TCP options for a block rule. Well, you could specify them, but if you ever did create such a rule pfSense would strip off the TCP options and block connections you didn't want to block.
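To make the mechanism in the replies above concrete, here is an added illustration (not code from the thread, and not pfSense's own code) that models two things: pf's `flags SET/OUTOF` matching, which is what the GUI's "TCP Flags: SET:... OUTOF:..." setting generates, and a state table whose entries expire so that a late FIN/ACK or RST/ACK no longer matches a state and falls through to the rules. The rulesets, the packet trace, the state timeout and the `RST,ACK` rule are all constructed for the example; only the `FIN,RST` / `FIN,SYN,RST,ACK,URG` spec is taken from the reply above. Running it shows the same packets hitting the logged default deny under the first ruleset and a silent block rule under the second.

```python
"""Model of pf-style TCP flag matching (SET/OUTOF) and state expiry.

Added illustration for the pfSense thread; not pfSense code. Packet trace,
timeout and rulesets are constructed (the FIN,RST spec is the one quoted
in the thread; the RST,ACK rule is an assumption of this example).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# One bit per TCP flag, as laid out in the TCP header flags byte.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
SHORT = {name[0]: bit for name, bit in FLAG_BITS.items()}  # F S R P A U


def parse_flags(spec: str) -> int:
    """Accept 'FIN,RST' (GUI style) or 'FR' (pf.conf / firewall-log style)."""
    spec = spec.strip().upper()
    if not spec:
        return 0
    if "," not in spec and all(ch in SHORT for ch in spec):
        return sum(SHORT[ch] for ch in set(spec))
    mask = 0
    for name in spec.split(","):
        mask |= FLAG_BITS[name.strip()]
    return mask


def flags_match(pkt_flags: int, set_spec: str, outof_spec: str) -> bool:
    """pf 'flags SET/OUTOF': of the OUTOF flags, exactly the SET ones must be
    on; flags not listed in OUTOF (e.g. PSH) are ignored."""
    set_mask, outof_mask = parse_flags(set_spec), parse_flags(outof_spec)
    if set_mask & ~outof_mask:
        raise ValueError("SET flags must be a subset of OUTOF flags")
    return (pkt_flags & outof_mask) == set_mask


@dataclass
class Rule:
    name: str
    action: str           # "pass" or "block"
    log: bool
    set_flags: str = ""   # empty SET and OUTOF = match any flags
    outof: str = ""


def evaluate(pkt_flags: int, rules: List[Rule]) -> Tuple[str, bool, str]:
    """First matching rule wins (pfSense rules are 'quick'); the implicit
    default deny at the end of the ruleset is logged."""
    for r in rules:
        if (r.set_flags or r.outof) and not flags_match(pkt_flags, r.set_flags, r.outof):
            continue
        return r.action, r.log, r.name
    return "block", True, "default deny"


@dataclass
class StateTable:
    timeout: float
    states: Dict[tuple, float] = field(default_factory=dict)  # key -> last seen

    def lookup(self, key: tuple, now: float) -> bool:
        last = self.states.get(key)
        if last is None:
            return False
        if now - last > self.timeout:      # idle state purged, as pf would do
            del self.states[key]
            return False
        self.states[key] = now
        return True


def simulate(packets, rules: List[Rule], timeout: float):
    """Return (flags, action, logged, reason) per packet; packets matching a
    live state pass without consulting the rules."""
    table = StateTable(timeout)
    verdicts = []
    for now, key, fl in packets:
        if table.lookup(key, now):
            verdicts.append((fl, "pass", False, "existing state"))
            continue
        action, log, name = evaluate(parse_flags(fl), rules)
        if action == "pass":
            table.states[key] = now       # pass rule creates the state
        verdicts.append((fl, action, log, name))
    return verdicts


ANY_TCP = "FIN,SYN,RST,ACK,URG"
# Ruleset without flag-matched block rules: only a stateful pass (pf default S/SA).
RULES_2_0 = [Rule("allow LAN out", "pass", False, "S", "SA")]
# Ruleset with silent block rules for leftover segments placed first.
RULES_2_1 = [
    Rule("drop leftover FIN/ACK", "block", False, "FIN,ACK", ANY_TCP),
    Rule("drop leftover FIN/RST", "block", False, "FIN,RST", ANY_TCP),   # spec quoted in thread
    Rule("drop leftover RST/ACK", "block", False, "RST,ACK", ANY_TCP),   # constructed
    Rule("allow LAN out", "pass", False, "S", "SA"),
]
# Constructed trace: one flow whose state idles out before the close arrives.
KEY = ("192.0.2.10", 51000, "198.51.100.5", 80)
TRACE = [(0, KEY, "S"), (1, KEY, "PA"), (200, KEY, "FA"), (201, KEY, "RA")]

if __name__ == "__main__":
    for label, rules in (("without flag rules", RULES_2_0), ("with flag rules", RULES_2_1)):
        print(label)
        for fl, action, log, why in simulate(TRACE, rules, timeout=60):
            print(f"  TCP:{fl:<3} {action:<5} {'LOGGED' if log else 'silent'}  ({why})")
```

The mask arithmetic is the part worth noticing: `SET:FIN,RST OUTOF:FIN,SYN,RST,ACK,URG` only matches segments carrying both FIN and RST, so a bare RST/ACK (the `TCP:RA` entries in the question) needs its own rule with `SET:RST,ACK` against the same OUTOF mask, which is why the example adds one. Flags outside the OUTOF list, such as PSH, do not affect the match, so a FIN/PSH/ACK segment is caught by the FIN/ACK rule.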
So at least it wasn't a silly question though… :)
Thanks for the comments/hints!