pf logging differences

[Greg Hennessy]

> 
> Why is the first host producing more detailed logs? why isnt pf showing
> the port that was blocked or anything else like it does in the first
> host? Is there a way to make the ng0 interface log more or is this due
> to the netgraph hooks into pf?

At a rough guess, you've not got IPV6 compiled into the 2nd system, if not
tcpdump defaults to a snaplen of 64 rather than 96 bytes. 



Greg