Setting it to medium seems to work, as it stops filtering Ping requests (pong replies whichever), it also stops a hell of a lot of unneccesary logging, and unless you are truly paranoid and have a lot of sensitive data should be enough

for those totally paranoid and want a fully secure system... get a PROPER firewall...