It keeps detecting attacks that just aren't happening. For example, dns poisoning attacks from my dns servers. TCP Desynchronization attacks from clean computers on my LAN, thus blocking filesharing. It also blocks my vpn client (Cisco) from connecting to work, even though I've approved every dialog that has popped up about it and it's listed as "allow all communication" in the rules. Apparently that's not enough to allow it through. The actual communication is presumably handled by something I don't get an opportunity to allow. Hopefully some of this will be sorted in beta2 so I can enable the firewall again. It seemed to strike a fair balance. Being effective without being overly nagging.