A denial of service vulnerability was reported in the Tiny Personal Firewall that allows a remote user to crash the firewall's host operating system by spoofing packets that are able to pass through the firewall's filters. Also, a malicious user can send packets with a spoofed source address set to the firewall's own IP address which will allow packets to pass through even with the firewalls settings set to high.
While no solution was available from the vendor, the author of the report suggests that firewall users change the permission for the rules under System Applications on Inbound ICMP(LAN1) to ask user.
Reported by: "Aaron Lu"