> I personally like to 'pass keep state' with a 'scrub all' rule. This
> at least gives me some interesting statistics to poke at when I'm
> bored. Plus, I can firewall who gets to ssh into my machine.
Another good use is {max-src-states ##} for webservers and the like. I have a webserver that would crash at 9am every morning when a few bots (2 in particular) would crawl the site. They are poorly configured and open roughly 120 simultaneous connections. They were very low bandwidth, but there went all available connections. To quote Theo, it's "Horse-shit" to say you don't need to filter single hosts.

--Bryan
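A pf.conf fragment combining the three ideas in this thread (scrub, an ssh allow-list, and a per-source state cap on the web ports), added here as an illustration and not taken from either poster's ruleset. The interface name, the table addresses and the limit of 20 are assumptions; pf writes state options in parentheses after `keep state`.

```conf
# Added example, not from the original thread.
# Uses the older "scrub in all" syntax the thread refers to; on
# OpenBSD 4.7 and later the equivalent is "match in all scrub (no-df)".

ext_if = "em0"                                   # assumption: external interface

# Constructed documentation addresses: hosts allowed to reach sshd.
table <ssh_ok> persist { 192.0.2.10, 198.51.100.0/24 }

# Normalize inbound packets before filtering.
scrub in all

# Default deny inbound, with logging so drops show up on pflog0.
block in log on $ext_if all

# Outbound traffic is stateful, so replies match without extra rules.
pass out on $ext_if all keep state

# ssh only from the allow-list.
pass in on $ext_if proto tcp from <ssh_ok> to ($ext_if) port ssh \
    flags S/SA keep state

# Web traffic: any source may connect, but one source address may hold
# at most 20 simultaneous states on this rule. A crawler that opens
# ~120 connections at once gets its excess SYNs dropped instead of
# exhausting the server's connection slots.
pass in on $ext_if proto tcp from any to ($ext_if) port { 80, 443 } \
    flags S/SA keep state (max-src-states 20)
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; once loaded, `pfctl -s Sources` lists the per-source counters that the limit creates.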