pf


IPv6 fragment reassembly

better state tracking for some IPv6 madness
ICMPv6
ND, MLD etc - autoconf stuff

pfctl prints port numbers instead of service names by default

one shot rules: match once, create state, remove themselves then
think proxies