This is a discussion on Re: How to disable logging of certain rules? within the IPFilter forums, part of the System Security and Security Related category.
> That's not what TTL means. TTL is a field in the IP packet header which
> indicates how many more routers this packet can traverse before it is
> dropped. It's designed so that packets which cannot be delivered
> anywhere and remain in a routing loop somewhere won't remain
> circulating on the net forever. Each router that forwards the packet
> decreases the TTL by one and when TTL reaches zero the packet is
> discarded.
>
> By specifying 'ttl 10' in your IPF rule, you say you want to only match
> those packets whose TTL field equals 10.

Thanks, that solved the problem! It's why I haven't been getting a match on rule #1, and so it was being picked up and dropped by the cleanup rule, and thus logged.

> Plus, I'm still thinking 'keep state' can't be used with 'block'.

It's a potential issue, so I went on to research it further. Here is a snap of the state table (`ipfstat -t`) with the offending IP. Note that the number of packets is > 1, and that it'll often increase before the TTL for that entry expires:

```
Source IP      Destination IP       ST   PR   #pkts  #bytes  ttl
x.x.x.x,67     255.255.255.255,68   0/0  udp  10     3328    1:22
```

Since the number of packets changes with each occurrence, is it reasonable to assume multiple packets from the same host are being dropped with the same state table entry? There is always only one entry in the state table for that host.
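The following ipf.conf fragment is an added illustration of the point made in the reply above; it is not the poster's ruleset, which is never shown in full on this page. The interface name `fxp0` and the exact shape of rule #1 are assumptions. It shows why a rule carrying `ttl 10` lets DHCP broadcasts (UDP 67 to 255.255.255.255:68) fall through to a logging cleanup rule, and how the rule looks with the TTL clause removed:

```conf
# Added example, not the original poster's configuration.
# Interface "fxp0" and the form of rule #1 are assumed.

# Rule #1 as it probably looked. "ttl 10" restricts the match to packets
# whose IP TTL field is exactly 10. DHCP broadcasts leave the server with
# whatever TTL its stack uses, so with any other TTL this rule never fires
# and the packet reaches the cleanup rule, where it is dropped AND logged.
#
# block in quick on fxp0 proto udp from any port = 67 to 255.255.255.255 port = 68 ttl 10

# Same rule with the TTL clause removed. "quick" makes this match final:
# IPFilter otherwise evaluates the whole ruleset and lets the LAST matching
# rule win, which would again be the logging cleanup rule below.
block in quick on fxp0 proto udp from any port = 67 to 255.255.255.255 port = 68

# Cleanup rule: anything not handled above is dropped and logged.
block in log quick on fxp0 all
```

After loading the ruleset (for example with `ipf -Fa -f /etc/ipf.conf`), the DHCP broadcasts should stop appearing in the log because they now hit the non-logging rule first. Whether `keep state` belongs on a `block` rule, the open question in this thread, is deliberately left out of the example; removing the `ttl` clause is the only change it demonstrates.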