I have the Z100G plugged into a switch and all my systems are plugged into the switch. Why does the Z100G's firewall keep logging blocked packets on the "home" network side of the Z100G? I thought the firewall was only on the Internet/home network interface?

00401 26May2007 14:29:17 UDP 192.168.x.76 (xxxx) [Spoofed IP] 138 192.168.x.255 138 (NetBIOS)

00154 26May2007 12:58:19 UDP 192.168.x.11 (xxx) [Spoofed IP] 68 255.255.255.255 67 (BOOTP)

A good firewall should be able to block packets both ways. The vast majority of outbound ports are not needed and malware often uses these ports to "phone home" or infect other computers. Blocking such outbound traffic is being a good 'net citizen should one of your computers become infected. It can also tell you that you have an infection on one of the computers in your secure space. And by knowing what ports are being used by malware, it may help identify what it is.

I have noted a small amount of outbound blocked traffic from my computers, though the cause is not clear. I have been working on the hypothesis that a small amount of blocked traffic may not be alarming since trying to find the cause of each event would be impossible.

Its not outbound traffic! it is between two systems on my private network sat behind the Z100G.

Are the two computers on different media? Wired and wireless? You may need to "bridge" the two networks.

I was able to duplicate the spoofed IP message.
My lan is 192.168.10.x
I changed the TCP settings on a PC to 192.168.9.1

Because the router thinks that all PC's should be 192.168.10.x the 192.168.9.1 is rejected as spoofed. That is, the firewall says my local interface is 192.168.10.x therefore I expect all PC's hitting the LAN should also be 192.168.10.x.
This is normal behaviour for firewalls.
On Company firewalls you can do various modifications to allow multiple networks to hit the firewall.

Modify the settings on the PC being dropped to either obtain a DHCP address automatically or set it to be on the same network as the inside of your router.

Since the 192.168.x.x is RFC-1918 not routable it is safe to let us know what exactly what the XXXX is in your message.

Both PC's are on the same subnet and both have Z100G DHCP assigned addresses.