diff --git a/src/common/fortconf.h b/src/common/fortconf.h
index b7d68b82..b0086d7e 100644
--- a/src/common/fortconf.h
+++ b/src/common/fortconf.h
@@ -15,11 +15,12 @@ typedef struct fort_conf_flags {
   UINT32 filter_enabled		: 1;
   UINT32 stop_traffic		: 1;
   UINT32 stop_inet_traffic	: 1;
+  UINT32 ignore_tcp_rst		: 1;
   UINT32 app_block_all		: 1;
   UINT32 app_allow_all		: 1;
   UINT32 log_blocked		: 1;
   UINT32 log_stat		: 1;
-  UINT32 _reserved_		: 9;
+  UINT32 _reserved_		: 8;
   UINT32 group_bits		: 16;
 } FORT_CONF_FLAGS, *PFORT_CONF_FLAGS;
 
diff --git a/src/common/fortprov.c b/src/common/fortprov.c
index 24395f5a..8dd7df76 100644
--- a/src/common/fortprov.c
+++ b/src/common/fortprov.c
@@ -185,7 +185,7 @@ fort_prov_register (HANDLE transEngine, BOOL is_boot)
 }
 
 static DWORD
-fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
+fort_prov_flow_register (HANDLE transEngine, BOOL filter_transport)
 {
   FWPM_FILTER0 sfilter4, dfilter4;
   FWPM_FILTER0 itfilter4, otfilter4;
@@ -208,7 +208,7 @@ fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
   sfilter4.subLayerKey = FORT_GUID_SUBLAYER;
   sfilter4.displayData.name = (PWCHAR) L"FortFilterStream4";
   sfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Stream V4";
-  sfilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
+  sfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
   sfilter4.action.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
 
   RtlZeroMemory(&dfilter4, sizeof(FWPM_FILTER0));
@@ -218,7 +218,7 @@ fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
   dfilter4.subLayerKey = FORT_GUID_SUBLAYER;
   dfilter4.displayData.name = (PWCHAR) L"FortFilterDatagram4";
   dfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Datagram V4";
-  dfilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
+  dfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
   dfilter4.action.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
 
   RtlZeroMemory(&itfilter4, sizeof(FWPM_FILTER0));
@@ -228,7 +228,7 @@ fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
   itfilter4.subLayerKey = FORT_GUID_SUBLAYER;
   itfilter4.displayData.name = (PWCHAR) L"FortFilterInTransport4";
   itfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Inbound Transport V4";
-  itfilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
+  itfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
   itfilter4.action.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
 
   RtlZeroMemory(&otfilter4, sizeof(FWPM_FILTER0));
@@ -238,15 +238,17 @@ fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
   otfilter4.subLayerKey = FORT_GUID_SUBLAYER;
   otfilter4.displayData.name = (PWCHAR) L"FortFilterOutTransport4";
   otfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Outbound Transport V4";
-  otfilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
+  otfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
   otfilter4.action.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
 
   if ((status = FwpmFilterAdd0(engine, &sfilter4, NULL, NULL))
       || (status = FwpmFilterAdd0(engine, &dfilter4, NULL, NULL))
+      || (filter_transport
+        && ((status = FwpmFilterAdd0(engine, &itfilter4, NULL, NULL))
 #if 0
-      || (speed_limit && ((status = FwpmFilterAdd0(engine, &itfilter4, NULL, NULL))
-        || (status = FwpmFilterAdd0(engine, &otfilter4, NULL, NULL))))
+        || (status = FwpmFilterAdd0(engine, &otfilter4, NULL, NULL))
 #endif
+        ))
       ) {
     fort_prov_trans_abort(engine);
   }
diff --git a/src/common/version.h b/src/common/version.h
index fc75565a..fdbc2e08 100644
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -7,6 +7,6 @@
 #define APP_UPDATES_URL		"https://github.com/tnodir/fort/releases"
 #define APP_UPDATES_API_URL	"https://api.github.com/repos/tnodir/fort/releases/latest"
 
-#define DRIVER_VERSION		5
+#define DRIVER_VERSION		6
 
 #endif // VERSION_H
diff --git a/src/driver/fortdrv.c b/src/driver/fortdrv.c
index 0fffbf10..a72d0e74 100644
--- a/src/driver/fortdrv.c
+++ b/src/driver/fortdrv.c
@@ -24,27 +24,35 @@
 #include "fortstat.c"
 #include "forttmr.c"
 
+#define HTONL(l)	_byteswap_ulong(l)
+#define NTOHL(l)	HTONL(l)
+#define HTONS(s)	_byteswap_ushort(s)
+#define NTOHS(s)	HTONS(s)
+
+#define TCP_HEADER_FLAG_FIN	0x0001
+#define TCP_HEADER_FLAG_SYN	0x0002
+#define TCP_HEADER_FLAG_RST	0x0004
+#define TCP_HEADER_FLAG_PSH	0x0008
+#define TCP_HEADER_FLAG_ACK	0x0010
+#define TCP_HEADER_FLAG_URG	0x0020
+#define TCP_HEADER_FLAG_ECE	0x0040
+#define TCP_HEADER_FLAG_CWR	0x0080
+
 typedef struct tcp_header {
-  UINT16 source;
-  UINT16 dest;
+  UINT16 source;	// Source Port
+  UINT16 dest;		// Destination Port
 
-  UINT32 seq;
-  UINT32 ack_seq;
+  UINT32 seq;		// Sequence number
+  UINT32 ack_seq;	// Acknowledgement number
 
-  UINT16 res1	: 4;
-  UINT16 doff	: 4;
-  UINT16 fin	: 1;
-  UINT16 syn	: 1;
-  UINT16 rst	: 1;
-  UINT16 psh	: 1;
-  UINT16 ack	: 1;
-  UINT16 urg	: 1;
-  UINT16 ece	: 1;
-  UINT16 cwr	: 1;
+  UCHAR res1	: 4;	// Unused
+  UCHAR doff	: 4;	// Data offset
 
-  UINT16 window;
-  UINT16 checksum;
-  UINT16 urg_ptr;
+  UCHAR flags;		// Flags
+
+  UINT16 window;	// Window size
+  UINT16 csum;		// Checksum
+  UINT16 urg_ptr;	// Urgent Pointer
 } TCP_HEADER, *PTCP_HEADER;
 
 typedef struct fort_conf_ref {
@@ -61,12 +69,13 @@ typedef struct fort_device {
   UINT32 connect4_id;
   UINT32 accept4_id;
 
+  FORT_CONF_FLAGS volatile conf_flags;
+  PFORT_CONF_REF volatile conf_ref;
+  KSPIN_LOCK conf_lock;
+
   FORT_BUFFER buffer;
   FORT_STAT stat;
   FORT_TIMER timer;
-
-  PFORT_CONF_REF volatile conf_ref;
-  KSPIN_LOCK conf_lock;
 } FORT_DEVICE, *PFORT_DEVICE;
 
 static PFORT_DEVICE g_device = NULL;
@@ -140,8 +149,14 @@ fort_conf_ref_set (PFORT_CONF_REF conf_ref)
     }
 
     if (conf_ref != NULL) {
-      g_device->prov_boot = conf_ref->conf.flags.prov_boot;
+      const PFORT_CONF_FLAGS conf_flags = &conf_ref->conf.flags;
+
+      g_device->prov_boot = conf_flags->prov_boot;
       g_device->was_conf = TRUE;
+
+      g_device->conf_flags = *conf_flags;
+    } else {
+      RtlZeroMemory((void *) &g_device->conf_flags, sizeof(FORT_CONF_FLAGS));
     }
   }
   KeReleaseInStackQueuedSpinLock(&lock_queue);
@@ -172,10 +187,14 @@ fort_conf_ref_flags_set (const PFORT_CONF_FLAGS conf_flags)
 
       fort_conf_app_perms_mask_init(conf);
 
-      g_device->prov_boot = conf->flags.prov_boot;
+      g_device->prov_boot = conf_flags->prov_boot;
+
+      g_device->conf_flags = *conf_flags;
     } else {
       RtlZeroMemory(&old_conf_flags, sizeof(FORT_CONF_FLAGS));
       old_conf_flags.prov_boot = g_device->prov_boot;
+
+      RtlZeroMemory((void *) &g_device->conf_flags, sizeof(FORT_CONF_FLAGS));
     }
   }
   KeReleaseInStackQueuedSpinLock(&lock_queue);
@@ -190,6 +209,14 @@ fort_callout_classify_block (FWPS_CLASSIFY_OUT0 *classifyOut)
   classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
 }
 
+static void
+fort_callout_classify_drop (FWPS_CLASSIFY_OUT0 *classifyOut)
+{
+  classifyOut->flags |= FWPS_CLASSIFY_OUT_FLAG_ABSORB;
+
+  fort_callout_classify_block(classifyOut);
+}
+
 static void
 fort_callout_classify_permit (const FWPS_FILTER0 *filter,
                               FWPS_CLASSIFY_OUT0 *classifyOut)
@@ -211,7 +238,8 @@ fort_callout_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
                           const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues,
                           const FWPS_FILTER0 *filter,
                           FWPS_CLASSIFY_OUT0 *classifyOut,
-                          int flagsField, int remoteIpField)
+                          int flagsField, int remoteIpField,
+                          int localPortIpField, int remotePortIpField)
 {
   PFORT_CONF_REF conf_ref;
   PVOID path;
@@ -279,6 +307,12 @@ fort_callout_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
           DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
                      "FORT: Classify v4: Flow assoc. error: %d\n", status);
         } else if (is_new_proc) {
+          const UINT16 localPort = inFixedValues->incomingValue[localPortIpField].value.uint16;
+          const UINT16 remotePort = inFixedValues->incomingValue[remotePortIpField].value.uint16;
+
+          DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
+                     "FORT: Flow: %x %d %d (%ws)\n", (UINT32) flowId, localPort, remotePort, path);
+
           fort_buffer_proc_new_write(&g_device->buffer,
             process_id, path_len, path, &irp, &info);
         }
@@ -320,7 +354,9 @@ fort_callout_connect_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
 
   fort_callout_classify_v4(inFixedValues, inMetaValues, filter, classifyOut,
       FWPS_FIELD_ALE_AUTH_CONNECT_V4_FLAGS,
-      FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_ADDRESS);
+      FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_ADDRESS,
+      FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_LOCAL_PORT,
+      FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_PORT);
 }
 
 static void
@@ -336,7 +372,9 @@ fort_callout_accept_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
 
   fort_callout_classify_v4(inFixedValues, inMetaValues, filter, classifyOut,
       FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_FLAGS,
-      FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_ADDRESS);
+      FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_ADDRESS,
+      FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_PORT,
+      FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_PORT);
 }
 
 static NTSTATUS NTAPI
@@ -352,6 +390,7 @@ fort_callout_notify (FWPS_CALLOUT_NOTIFY_TYPE notifyType,
 
 static void
 fort_callout_flow_classify_v4 (const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues,
+                               const FWPS_FILTER0 *filter,
                                UINT64 flowContext,
                                FWPS_CLASSIFY_OUT0 *classifyOut,
                                UINT32 dataSize, BOOL inbound)
@@ -360,9 +399,9 @@ fort_callout_flow_classify_v4 (const FWPS_INCOMING_METADATA_VALUES0 *inMetaValue
 
   if (fort_stat_flow_classify(&g_device->stat, flowContext,
       headerSize + dataSize, inbound)) {
-    fort_callout_classify_block(classifyOut);
+    fort_callout_classify_drop(classifyOut);
   } else {
-    fort_callout_classify_continue(classifyOut);
+    fort_callout_classify_permit(filter, classifyOut);
   }
 }
 
@@ -380,10 +419,9 @@ fort_callout_stream_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
   const BOOL inbound = (streamData->flags & FWPS_STREAM_FLAG_RECEIVE) != 0;
 
   UNUSED(inFixedValues);
-  UNUSED(filter);
 
-  fort_callout_flow_classify_v4(inMetaValues, flowContext, classifyOut,
-    dataSize, inbound);
+  fort_callout_flow_classify_v4(inMetaValues, filter, flowContext,
+    classifyOut, dataSize, inbound);
 }
 
 static void
@@ -402,11 +440,9 @@ fort_callout_datagram_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
   const BOOL inbound = (direction == FWP_DIRECTION_INBOUND);
 
   UNUSED(inFixedValues);
-  UNUSED(filter);
-  UNUSED(flowContext);
 
-  fort_callout_flow_classify_v4(inMetaValues, flowContext, classifyOut,
-    dataSize, inbound);
+  fort_callout_flow_classify_v4(inMetaValues, filter, flowContext,
+    classifyOut, dataSize, inbound);
 }
 
 static void
@@ -427,38 +463,42 @@ fort_callout_transport_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
                                     FWPS_CLASSIFY_OUT0 *classifyOut,
                                     int ipProtoField, BOOL inbound)
 {
-#if 0
-  const PNET_BUFFER netBuf = NET_BUFFER_LIST_FIRST_NB(netBufList);
-  const UINT32 dataSize = NET_BUFFER_DATA_LENGTH(netBuf);
+  const IPPROTO ip_proto = (IPPROTO) inFixedValues->incomingValue[
+    ipProtoField].value.uint8;
+  const BOOL is_udp = (ip_proto == IPPROTO_UDP);
 
-  UNUSED(filter);
-  UNUSED(flowContext);
+  if (is_udp) goto permit;
 
-  if (dataSize == 0) {
-    const IPPROTO ip_proto = (IPPROTO) inFixedValues->incomingValue[
-      ipProtoField].value.uint8;
-    const BOOL is_udp = (ip_proto == IPPROTO_UDP);
+  /* Position in the packet data:
+   * FWPS_LAYER_INBOUND_TRANSPORT_V4: The beginning of the data.
+   * FWPS_LAYER_OUTBOUND_TRANSPORT_V4: The beginning of the transport header.
+   */
 
-    if (!is_udp) {
-      PTCP_HEADER tcpHeader;
+  if (inbound && g_device->conf_flags.ignore_tcp_rst) {
+    const PNET_BUFFER netBuf = NET_BUFFER_LIST_FIRST_NB(netBufList);
+    TCP_HEADER buf;
+    PTCP_HEADER tcpHeader;
+    BOOL blocked = FALSE;
 
-      NdisAdvanceNetBufferDataStart(netBuf,
-        inMetaValues->ipHeaderSize, FALSE, NULL);
+    NdisRetreatNetBufferDataStart(netBuf, sizeof(TCP_HEADER), 0, NULL);
 
-      tcpHeader = NdisGetDataBuffer(netBuf, sizeof(TCP_HEADER),
-        NULL, sizeof(UINT16), 0);
+    tcpHeader = NdisGetDataBuffer(netBuf, sizeof(TCP_HEADER), &buf, 1, 0);
 
-      if (tcpHeader->ack) {
-        DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
-                   "FORT: Ack: %d %d\n", (UINT32) flowContext, inbound);
+    blocked = (tcpHeader->flags & TCP_HEADER_FLAG_RST);
 
-        //fort_stat_flow_shape(&g_device->stat, flowContext, inbound);
-      }
+    NdisAdvanceNetBufferDataStart(netBuf, sizeof(TCP_HEADER), FALSE, NULL);
+
+    if (blocked) {
+      DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
+                 "FORT: RST: %x %d %d flags=%x\n", (UINT32) inMetaValues->flowHandle, NTOHS(tcpHeader->dest), NTOHS(tcpHeader->source), tcpHeader->flags);
+
+      fort_callout_classify_drop(classifyOut);
+      return;
     }
   }
-#endif
 
-  classifyOut->actionType = FWP_ACTION_CONTINUE;
+ permit:
+  fort_callout_classify_permit(filter, classifyOut);
 }
 
 static void
@@ -653,7 +693,7 @@ fort_callout_force_reauth (PDEVICE_OBJECT device,
  stat:
     if (conf_flags.log_stat) {
       if ((status = fort_prov_flow_register(engine,
-          (stat->limit_bits != 0))))
+          (conf_flags.ignore_tcp_rst != 0))))
         goto cleanup;
     }
   }
diff --git a/src/ui/conf/firewallconf.cpp b/src/ui/conf/firewallconf.cpp
index d4af28be..df78f83b 100644
--- a/src/ui/conf/firewallconf.cpp
+++ b/src/ui/conf/firewallconf.cpp
@@ -12,6 +12,7 @@ FirewallConf::FirewallConf(QObject *parent) :
     m_filterEnabled(true),
     m_stopTraffic(false),
     m_stopInetTraffic(false),
+    m_ignoreTcpRst(false),
     m_resolveAddress(false),
     m_logErrors(false),
     m_logBlocked(false),
@@ -60,6 +61,14 @@ void FirewallConf::setStopInetTraffic(bool stopInetTraffic)
     }
 }
 
+void FirewallConf::setIgnoreTcpRst(bool ignoreTcpRst)
+{
+    if (m_ignoreTcpRst != ignoreTcpRst) {
+        m_ignoreTcpRst = ignoreTcpRst;
+        emit ignoreTcpRstChanged();
+    }
+}
+
 void FirewallConf::setResolveAddress(bool resolveAddress)
 {
     if (m_resolveAddress != resolveAddress) {
@@ -230,6 +239,7 @@ void FirewallConf::copyFlags(const FirewallConf &o)
     setFilterEnabled(o.filterEnabled());
     setStopTraffic(o.stopTraffic());
     setStopInetTraffic(o.stopInetTraffic());
+    setIgnoreTcpRst(o.ignoreTcpRst());
     setLogErrors(o.logErrors());
     setAppBlockAll(o.appBlockAll());
     setAppAllowAll(o.appAllowAll());
diff --git a/src/ui/conf/firewallconf.h b/src/ui/conf/firewallconf.h
index 9f2615c9..9b289002 100644
--- a/src/ui/conf/firewallconf.h
+++ b/src/ui/conf/firewallconf.h
@@ -21,6 +21,7 @@ class FirewallConf : public QObject
     Q_PROPERTY(bool filterEnabled READ filterEnabled WRITE setFilterEnabled NOTIFY filterEnabledChanged)
     Q_PROPERTY(bool stopTraffic READ stopTraffic WRITE setStopTraffic NOTIFY stopTrafficChanged)
     Q_PROPERTY(bool stopInetTraffic READ stopInetTraffic WRITE setStopInetTraffic NOTIFY stopInetTrafficChanged)
+    Q_PROPERTY(bool ignoreTcpRst READ ignoreTcpRst WRITE setIgnoreTcpRst NOTIFY ignoreTcpRstChanged)
     Q_PROPERTY(bool resolveAddress READ resolveAddress WRITE setResolveAddress NOTIFY resolveAddressChanged)
     Q_PROPERTY(bool logErrors READ logErrors WRITE setLogErrors NOTIFY logErrorsChanged)
     Q_PROPERTY(bool logBlocked READ logBlocked WRITE setLogBlocked NOTIFY logBlockedChanged)
@@ -64,6 +65,9 @@ public:
     bool stopInetTraffic() const { return m_stopInetTraffic; }
     void setStopInetTraffic(bool stopInetTraffic);
 
+    bool ignoreTcpRst() const { return m_ignoreTcpRst; }
+    void setIgnoreTcpRst(bool ignoreTcpRst);
+
     bool resolveAddress() const { return m_resolveAddress; }
     void setResolveAddress(bool resolveAddress);
 
@@ -126,6 +130,7 @@ signals:
     void filterEnabledChanged();
     void stopTrafficChanged();
     void stopInetTrafficChanged();
+    void ignoreTcpRstChanged();
     void resolveAddressChanged();
     void logErrorsChanged();
     void logBlockedChanged();
@@ -152,6 +157,7 @@ private:
     uint m_filterEnabled    : 1;
     uint m_stopTraffic      : 1;
     uint m_stopInetTraffic  : 1;
+    uint m_ignoreTcpRst     : 1;
 
     uint m_resolveAddress   : 1;
 
diff --git a/src/ui/fortsettings.cpp b/src/ui/fortsettings.cpp
index 1147f17b..137dc2cb 100644
--- a/src/ui/fortsettings.cpp
+++ b/src/ui/fortsettings.cpp
@@ -222,6 +222,7 @@ bool FortSettings::readConfIni(FirewallConf &conf) const
     conf.setFilterEnabled(iniBool("filterEnabled", true));
     conf.setStopTraffic(iniBool("stopTraffic"));
     conf.setStopInetTraffic(iniBool("stopInetTraffic"));
+    conf.setIgnoreTcpRst(iniBool("ignoreTcpRst"));
     conf.setResolveAddress(iniBool("resolveAddress"));
     conf.setLogErrors(iniBool("logErrors"));
     conf.setLogBlocked(iniBool("logBlocked"));
@@ -249,6 +250,7 @@ bool FortSettings::writeConfIni(const FirewallConf &conf)
     setIniValue("filterEnabled", conf.filterEnabled());
     setIniValue("stopTraffic", conf.stopTraffic());
     setIniValue("stopInetTraffic", conf.stopInetTraffic());
+    setIniValue("ignoreTcpRst", conf.ignoreTcpRst());
     setIniValue("resolveAddress", conf.resolveAddress());
     setIniValue("logErrors", conf.logErrors());
     setIniValue("logBlocked", conf.logBlocked());
diff --git a/src/ui/i18n/i18n_ru.qm b/src/ui/i18n/i18n_ru.qm
index 00adfb40..90f8b943 100644
Binary files a/src/ui/i18n/i18n_ru.qm and b/src/ui/i18n/i18n_ru.qm differ
diff --git a/src/ui/i18n/i18n_ru.ts b/src/ui/i18n/i18n_ru.ts
index cd1db763..670afc4d 100644
--- a/src/ui/i18n/i18n_ru.ts
+++ b/src/ui/i18n/i18n_ru.ts
@@ -4,17 +4,17 @@
 <context>
     <name>ConfUtil</name>
     <message>
-        <location filename="../util/conf/confutil.cpp" line="118"/>
+        <location filename="../util/conf/confutil.cpp" line="119"/>
         <source>Bad Include IP address: %1</source>
         <translation>Некорректный IP адрес для включения: %1</translation>
     </message>
     <message>
-        <location filename="../util/conf/confutil.cpp" line="126"/>
+        <location filename="../util/conf/confutil.cpp" line="127"/>
         <source>Bad Exclude IP address: %1</source>
         <translation>Некорректный IP адрес для исключения: %1</translation>
     </message>
     <message>
-        <location filename="../util/conf/confutil.cpp" line="137"/>
+        <location filename="../util/conf/confutil.cpp" line="138"/>
         <source>Too many IP addresses</source>
         <translation>Слишком много IP адресов</translation>
     </message>
@@ -24,17 +24,17 @@
         <translation>Слишком много путей приложений</translation>
     </message>
     <message>
-        <location filename="../util/conf/confutil.cpp" line="159"/>
+        <location filename="../util/conf/confutil.cpp" line="160"/>
         <source>Number of Application Groups must be &lt; %1</source>
         <translation>Количество групп приложений должно быть &lt; %1</translation>
     </message>
     <message>
-        <location filename="../util/conf/confutil.cpp" line="171"/>
+        <location filename="../util/conf/confutil.cpp" line="172"/>
         <source>Length of Application Group&apos;s Name must be &lt; %1</source>
         <translation>Длина наименования группы приложения должна быть &lt; %1</translation>
     </message>
     <message>
-        <location filename="../util/conf/confutil.cpp" line="217"/>
+        <location filename="../util/conf/confutil.cpp" line="220"/>
         <source>Length of Application&apos;s Path must be &lt; %1</source>
         <translation>Длина пути приложения должна быть &lt; %1</translation>
     </message>
@@ -352,7 +352,7 @@
         <translation>Статистика</translation>
     </message>
     <message>
-        <location filename="../qml/pages/OptionsPage.qml" line="103"/>
+        <location filename="../qml/pages/OptionsPage.qml" line="115"/>
         <source>Password:</source>
         <translation>Пароль:</translation>
     </message>
@@ -402,37 +402,42 @@
         <translation>Остановить Интернет трафик</translation>
     </message>
     <message>
-        <location filename="../qml/pages/OptionsPage.qml" line="88"/>
+        <location filename="../qml/pages/OptionsPage.qml" line="89"/>
+        <source>Ignore TCP RST-packets</source>
+        <translation>Игнорировать TCP RST-пакеты</translation>
+    </message>
+    <message>
+        <location filename="../qml/pages/OptionsPage.qml" line="100"/>
         <source>Log Errors</source>
         <translation>Лог ошибок</translation>
     </message>
     <message>
-        <location filename="../qml/pages/OptionsPage.qml" line="124"/>
+        <location filename="../qml/pages/OptionsPage.qml" line="136"/>
         <source>Installed</source>
         <translation>Установлен</translation>
     </message>
     <message>
-        <location filename="../qml/pages/OptionsPage.qml" line="125"/>
+        <location filename="../qml/pages/OptionsPage.qml" line="137"/>
         <source>Not Installed</source>
         <translation>Не установлен</translation>
     </message>
     <message>
-        <location filename="../qml/pages/OptionsPage.qml" line="135"/>
+        <location filename="../qml/pages/OptionsPage.qml" line="147"/>
         <source>Language:</source>
         <translation>Язык:</translation>
     </message>
     <message>
-        <location filename="../qml/pages/OptionsPage.qml" line="154"/>
+        <location filename="../qml/pages/OptionsPage.qml" line="166"/>
         <source>Logs</source>
         <translation>Логи</translation>
     </message>
     <message>
-        <location filename="../qml/pages/OptionsPage.qml" line="166"/>
+        <location filename="../qml/pages/OptionsPage.qml" line="178"/>
         <source>Profile</source>
         <translation>Профиль</translation>
     </message>
     <message>
-        <location filename="../qml/pages/OptionsPage.qml" line="176"/>
+        <location filename="../qml/pages/OptionsPage.qml" line="188"/>
         <source>Releases</source>
         <translation>Релизы</translation>
     </message>
diff --git a/src/ui/qml/pages/OptionsPage.qml b/src/ui/qml/pages/OptionsPage.qml
index 1dc6b8e3..aa1d2073 100644
--- a/src/ui/qml/pages/OptionsPage.qml
+++ b/src/ui/qml/pages/OptionsPage.qml
@@ -83,6 +83,18 @@ BasePage {
                 }
             }
 
+            CheckBox {
+                enabled: firewallConf.logStat
+                text: translationManager.dummyBool
+                      && qsTranslate("qml", "Ignore TCP RST-packets")
+                checked: firewallConf.ignoreTcpRst
+                onToggled: {
+                    firewallConf.ignoreTcpRst = checked;
+
+                    setConfFlagsEdited();
+                }
+            }
+
             CheckBox {
                 text: translationManager.dummyBool
                       && qsTranslate("qml", "Log Errors")
diff --git a/src/ui/util/conf/confutil.cpp b/src/ui/util/conf/confutil.cpp
index 1eee0da5..22617464 100644
--- a/src/ui/util/conf/confutil.cpp
+++ b/src/ui/util/conf/confutil.cpp
@@ -88,6 +88,7 @@ int ConfUtil::writeFlags(const FirewallConf &conf, QByteArray &buf)
     confFlags->filter_enabled = conf.filterEnabled();
     confFlags->stop_traffic = conf.stopTraffic();
     confFlags->stop_inet_traffic = conf.stopInetTraffic();
+    confFlags->ignore_tcp_rst = conf.ignoreTcpRst();
     confFlags->app_block_all = conf.appBlockAll();
     confFlags->app_allow_all = conf.appAllowAll();
     confFlags->log_blocked = conf.logBlocked();
@@ -293,6 +294,7 @@ void ConfUtil::writeData(char *output, const FirewallConf &conf,
     drvConf->flags.filter_enabled = conf.filterEnabled();
     drvConf->flags.stop_traffic = conf.stopTraffic();
     drvConf->flags.stop_inet_traffic = conf.stopInetTraffic();
+    drvConf->flags.ignore_tcp_rst = conf.ignoreTcpRst();
 
     drvConf->flags.app_block_all = conf.appBlockAll();
     drvConf->flags.app_allow_all = conf.appAllowAll();