ifaces/default/fw/ip6tables/filterСтоит ли писать две строчки вместо одной?-j DROP-f -j DROP
$ man iptables...[!] -f, --fragment This means that the rule only refers to second and further IPv4 fragments of fragmented packets. Since there is no way to tell the source or destination ports of such a packet (or ICMP type), such a packet will not match any rules which specify them. When the "!" argument precedes the "-f" flag, the rule will only match head fragments, or unfragmented packets. This option is IPv4 specific, it is not available in ip6tables....
