How should a firewall process fragmentation flags?
What will be an ideal response?
Fragmentation of IP packets isn't bad in theory. Fragmentation was originally developed as a means of enabling large packets to pass through early routers that had frame size limitations. Routers were able to divide packets into multiple fragments and send them along the network, where receiving routers would reassemble them in the correct order and pass them to their destination. The problem with fragmentation is that because the TCP or UDP port number is provided only at the beginning of a packet, it appears only in the fragment numbered 0. Fragments numbered 1 or higher pass through the filter because they contain no port information. All an attacker has to do is modify the IP header so that all of a packet's fragment numbers start at 1 or higher. To be safe, you should have the firewall reassemble fragmented packets before making the admit/drop decision.