I am having problems with IPF creating huge log files (2Mb +).
Most if the logged events are of the "p" type. I would like to 
cut this way back since I am interested in who (or what) is attempting
to whak my system. Below are the offending rules:

pass out log quick on ppp0 proto tcp from any to any flags S keep state
pass out     quick on ppp0 proto tcp from any to any         keep state keep frags

#  pass out log  quick on ppp0 proto tcp from any to any flags S keep state keep frags


The las rule is the original; I commented it, and replaced it with the first 2.
How do I know if this makes a diff; and where are all the logged "p" type packets
comming from? If they are being passed, should I be bothered?

Todd Gruhn

-- 
Have you ever killed anybody? Well I hurt somebodies feelings once...--R. Deniro--