check-state,logging and dummynet questions

Chris chrysalis at garlic-breath.net
Fri Jan 21 17:55:13 PST 2005


Hi, I have been using ipfw for a short while now, but have a few concerns I will
list below.

1 - Logging - I would like to see the packet size logged so that when I am
attacked I can diagnose the type of attack more effectively; other firewalls
such as pf and iptables do this. I would also like an option to rate limit
logging, so that if I am receiving 5000 pps I am not logging 5000 pps. I
have used the logamount directive to help with this problem.

2 - Dummynet - I would like to rate limit SYN packets in packets per second
rather than kbit/sec, because I currently limit src IPs to 1 kbit/sec of TCP
SYN to help with SYN floods, but this is still too high. It would also be nice
if the interval of the block could be adjustable when dummynet blocks.

3 - keep-state - This is a weird one. I am currently using allow established
instead of check-state because, if I use check-state, every time I flush the
rules I get booted from my ssh session and a load of established connections
drop. I understand this is probably intended behaviour, since it has to
re-establish the stateful flag after the flush. Is there a way to work around
this for connections that need to stay alive during a rule cycle, or, even
better, a way to keep dynamic rules when static rules are flushed?

Thanks for your time

Chris
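The three points above (bounded logging with logamount, a per-source dummynet pipe for SYNs, and keeping check-state sessions alive across a rule reload) can be put together in one ruleset. The script below is an added example and is not code from the post or from the FreeBSD project. It assumes an ipfw2 with rule sets (the SETS OF RULES section of ipfw(8)) and the net.inet.ip.fw.one_pass sysctl; the interface name fxp0, the rule numbers and the set numbers are illustrative. The point it demonstrates is that flushing or deleting a rule discards the dynamic entries anchored to it, so the rules that create state (keep-state) and consume it (check-state) are kept in set 0, which is never reloaded, while the rules that change often are replaced atomically by building them in a disabled set and swapping it with the live one, instead of running ipfw -f flush. Run as root on FreeBSD; elsewhere, or with DRYRUN=1, the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example, not from the original post: reload an ipfw ruleset without
# "ipfw -f flush", so that dynamic (keep-state) entries whose parent rules
# live in set 0 survive a reload. Assumes ipfw2 with rule sets (ipfw(8),
# SETS OF RULES) and the sysctl net.inet.ip.fw.one_pass. Interface name,
# rule numbers and set numbers are illustrative. Run as root on FreeBSD;
# anywhere else (or with DRYRUN=1) the commands are printed, not executed.

EXT="${EXT:-fxp0}"     # assumed outside interface
LIVE_SET=1             # set holding the currently active volatile rules
SPARE_SET=2            # set used to stage the replacement
DRYRUN="${DRYRUN:-}"

# Execute a command, or print it when dry-running.
run() {
    if [ -z "$DRYRUN" ] && [ "$(id -u 2>/dev/null)" = 0 ] \
        && command -v "$1" >/dev/null 2>&1; then
        "$@"
    else
        echo "$*"
    fi
}

# Set 0: rules that create or consume dynamic state. Loaded once at boot and
# never flushed or swapped, so the state anchored to them outlives reloads.
load_stable_rules() {
    # Packets leaving the pipe must continue at the next rule, not exit ipfw.
    run sysctl net.inet.ip.fw.one_pass=0
    run ipfw add 100 set 0 check-state
    run ipfw add 900 set 0 allow tcp from me to any setup keep-state
    run ipfw add 910 set 0 allow tcp from any to me 22 setup keep-state
}

# Dummynet pipe for inbound SYNs, one queue per source address. dummynet
# limits bandwidth, not packets per second: a minimum-size 40-byte SYN is
# 320 bits, so 1 Kbit/s admits roughly three SYNs per second per source, and
# the small queue drops the excess instead of delaying it.
load_pipes() {
    run ipfw pipe 1 config bw 1Kbit/s queue 5 mask src-ip 0xffffffff
}

# Volatile rules: logging and shaping that get edited and reloaded often.
# $1 is the set to load them into.
load_volatile_rules() {
    run ipfw add 500 set "$1" pipe 1 tcp from any to me setup in via "$EXT"
    # logamount caps log entries for this rule at 100 until "ipfw resetlog".
    run ipfw add 950 set "$1" deny log logamount 100 tcp from any to me setup in via "$EXT"
}

# Atomic replacement of the volatile rules, as described in ipfw(8): build
# the new rules in a disabled set, swap it with the live set, delete the old
# set. Set 0 is untouched, so check-state keeps matching existing sessions.
reload_volatile_rules() {
    run ipfw set disable "$SPARE_SET"
    load_volatile_rules "$SPARE_SET"
    run ipfw set swap "$LIVE_SET" "$SPARE_SET"
    run ipfw delete set "$SPARE_SET"
}

case "${1:-}" in
    boot)   load_stable_rules; load_pipes; load_volatile_rules "$LIVE_SET" ;;
    reload) reload_volatile_rules ;;
esac
```

Usage: `sh ipfw-reload.sh boot` once at startup, then `sh ipfw-reload.sh reload` after editing the volatile rules. The swap keeps the enabled/disabled flag with the set number, so the freshly built rules become active the moment they take over set 1, and the old copies, now in the disabled set 2, are deleted without ever having been evaluated alongside the new ones. The sysctl is needed because with one_pass at its default of 1 a packet that passes through the pipe leaves ipfw at rule 500 and never reaches the keep-state rule for port 22.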



More information about the freebsd-ipfw mailing list