15.25. Why am I seeing traffic that I permitted getting dropped?

Assuming your firewall rules are set up appropriately to allow this traffic, the reason is because they are duplicate or last packets of a session. This is explained as follows by the IPFilter howto.

Due to the often laggy nature of the Internet, sometimes packets will be regenerated. Sometimes, you'll get two copies of the same packet, and your state rule which keeps track of sequence numbers will have already seen this packet, so it will assume that the packet is part of a different connection. Eventually this packet will run into a real rule and have to be dealt with. You'll often see the last packet of a session being closed get logged because the keep state code has already torn down the connection before the last packet has had a chance to make it to your firewall. This is normal, do not be alarmed.