frag

Description

Used to filter IP fragments (for both IPv4 and IPv6 rules).

The fragments filter keeps track of packets that are fragmented, reassembles the fragments, and then applies the firewall rules.

Synopsis

{block | pass} {in | out} [all] with [no] frag {from | to} address_scope

address_scope can be a unique IP address, an address space, or the keywords !, all, me, or any.