Bug #3429
closed
Modify anti-lockout pf rule to use "no state"
0%
Description
When flushing states one gets kicked out of pfSense management (HTTP/SSH).
I would suggest modifying the anti-lockout rule in filter.inc like this, using the "no state" feature of pf:
# make sure the user cannot lock himself out of the webConfigurator or SSH
pass in quick on {$lanif} proto tcp from any to ({$lanif}) port { {$alports} } no state label "anti-lockout rule"
pass out quick on {$lanif} proto tcp from ({$lanif}) port { {$alports} } to any no state label "anti-lockout rule"
This way you can keep on using your ssh/gui uninterrupted even if all states get flushed. Also the gui feature "Reset States" would profit from that. We could get rid of:
"NOTE: If you reset the firewall state table, the browser session may appear to be hung after clicking "Reset". Simply refresh the page to continue."
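The behaviour described in this ticket, as an added example that is not part of the original report or of pfSense's code: a simplified Python model of one LAN management session across a state flush, first under a stateful rule and then under the proposed "no state" pair. It assumes stateful pass rules match only the initial SYN (pf's default "flags S/SA"); the ports and client address are constructed.

```python
# Simplified model (assumption): stateful pass rules match only the initial SYN
# (pf's default "flags S/SA keep state"); "no state" rules match every packet.
MGMT_PORTS = {22, 443}            # constructed stand-in for {$alports}
CLIENT = ("192.168.1.10", 50000)  # constructed LAN client address and port

class LanFilter:
    def __init__(self, stateless):
        self.stateless = stateless
        self.states = set()       # (client_ip, client_port, firewall_port)

    def flush_states(self):
        self.states.clear()

    def packet_in(self, src, sport, dport, flags):
        """Client -> firewall on the LAN interface; True if passed."""
        if (src, sport, dport) in self.states:
            return True                        # matched an existing state
        if dport not in MGMT_PORTS:
            return False                       # falls through to default block
        if self.stateless:
            return True                        # "pass in ... no state"
        if flags == "S":
            self.states.add((src, sport, dport))
            return True                        # SYN creates a state
        return False                           # mid-stream segment, no state

    def packet_out(self, dst, dport, sport):
        """Firewall -> client reply; True if passed."""
        if (dst, dport, sport) in self.states:
            return True
        # Without states, replies need their own rule: "pass out ... no state"
        return self.stateless and sport in MGMT_PORTS

def session_survives_flush(stateless, port=22):
    fw = LanFilter(stateless)
    ip, sport = CLIENT
    assert fw.packet_in(ip, sport, port, "S") and fw.packet_out(ip, sport, port)
    fw.flush_states()
    # Next data segment of the same session, and the firewall's reply to it
    return fw.packet_in(ip, sport, port, "PA") and fw.packet_out(ip, sport, port)

def new_connection_after_flush(stateless, port=443):
    fw = LanFilter(stateless)
    fw.flush_states()
    return fw.packet_in(CLIENT[0], 50001, port, "S")

if __name__ == "__main__":
    for mode in (False, True):
        print("no state" if mode else "keep state",
              session_survives_flush(mode), new_connection_after_flush(mode))
```

In the stateful case a fresh SYN is still accepted after the flush, which matches the GUI note telling the user to refresh the page.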