fragments—FO field = 0 (FO means the fragment offset field in the IP header). BlackDiamond X8 series switches, BlackDiamond 8000 c-, e-, xl-, and xm-series modules, and Summit family switches only. This will match first fragment also (packets with FO = 0).
first-fragments—FO == 0.
The fragments keyword cannot be used in a rule with L4 information. The syntax checker will reject such policy files.
The following rules are used to evaluate fragmented packets or rules that use the fragments or first-fragments keywords.
An L3-only rule that does not contain either the fragments or first-fragments keyword matches any IP packets.
An L4 rule that does not contain either the fragments or first-fragments keyword matches non-fragmented or initial-fragment packets.
An L3-only rule with the fragments keyword only matches fragmented packets.
An L4 rule with the fragments keyword is not valid (see above).
An L3-only rule with the first-fragments keyword matches initial fragment packets.
An L4 rule with the first-fragments keyword matches initial fragment packets.