If it's not, and if the firewall is forwarding the packets as received, not reassembling them, which seems likely, then I'll need some other filtering rule to allow them, while not allowing random UDP based attacks. Personally, I have to say that sounds a bit over-paranoid. Fragmentation may not sp...