If modelling ideal situation, then: md5 password doesn`t match or empty, then peering must be closed... Now md5 working only for outgoing packets, not for input. And peering not closed if password miss or not match. because bsd not check incoming packets, i think...