APNs and abnormal TCP flag attack detected
OS X Server with Apple Push Notification Services (APNs) enabled can cause ZyXEL ZyWALL USG series devices to log blizzards of errors:
alert Firewall abnormal TCP flag attack detected, DROP local-IP-address:55024 apple-IP-address:2195 ACCESS BLOCK
Key detail here is the target port is used by APNs, and disabling APNs via Server.app does end the blizzard.
Why this is happening, I don't yet know. This will eventually involve Wireshark, most likely.
