On Thu, Nov 14, 2002 at 01:55:59PM -0600, Miller, Jeff - x3328 wrote:
> Although I'm new to netfilter I haven't found anything that will keep
> this idea from working. However it is a lot of setup, and I've never
> really heard of anyone doing this before (except maybe on small
> firewalls where the DMZ is a single port on a lone firewall). Further
> complicating things is the fact that there will be around a dozen
> machines in the DMZ, requiring multiple quad NIC's. Any feedback on
> this crazy approach would be appreciated, thanks!
My firewall script takes this approach to creating a DMZ. However, I also go a little further and only allow the DMZ systems to respond to outside requests. So, they can respond to any external request that reaches them, but they cannot initiate a connection to something outside their subnet.

--
Jamin W. Collins

