> I personally like to 'pass keep state' with a 'scrub all' rule. This
> at least gives me some interesting statistics to poke at when I'm
> bored. Plus, I can firewall who gets to ssh into my machine.
Another good use is {max-src-states ##} for webservers and the like.
I have a webserver that would crash at 9am every morning when a few
bots (2 in particaular) would crawl the site. They are poorly
configured and open roughly 120 simlutaneous connections. They were
very low bandwidth, but there went all available connections.
To quote Theo it's "Horse-shit" to say you don't need to filter single hosts.
--Bryan
