Hi,
Just an observation that SMTP unto itself is unable to determine whether a
connection is from telnet or nc or authentic per se. Recall seeing a rather
interesting program that eyeballed established connections for behavior,
then acted accordingly depending on your wishes. The author of the program
did say that the methodology was susceptible to DoS. Seems to me at times
the cure is worse than the cold.
Internal to DMZ, hmm.. it is true that every $path=port allowed leaves another
portal to pick.. knowing that, if one is using a stateful 'ipf' so that you are
allowing only sessions est. from the inside and one specific int-system to a
system on the DMZ but DO NOT allow anything coming in from any
outer rings, this is pretty good. One of the issues then becomes: can you
trust the data on the system you're connecting to? If it is your DMZ, "NO";
therefore you need to at the very least be sure that you trust the data
you are writing to the DMZ system a bit better ;-))
In the case of Linux firewalling there are a number of programs, but
the one that would come with STDOUT Linux-distros is ipchains. It is a packet
filter-fw that is quite good. Remember to always 'deny everything' :-)) then
allow a few services if you need them. See as well ip masquerading ;-)) There
are a few ipchains howtos as well as one on the 'LDP' which will help you out.
If you do a search there are plenty of resources for this subject.
Well hope the read helped to some degree!
Regards,
[EMAIL PROTECTED]
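
The policy described in the message above (default deny, sessions established only from one internal system to one DMZ system, nothing initiated from the DMZ or outer rings), modelled as an added example that is not part of the original message and is not ipf or ipchains syntax. The addresses, the port and the `StatefulFilter` class are constructed for illustration.

```python
# Toy model of a default-deny stateful packet filter.
# All hosts, ports and packets below are constructed sample values.
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    new: bool  # True only for the opening packet of a session (SYN without ACK)

INTERNAL_HOST = "192.168.1.10"  # assumed: the one internal system allowed out
DMZ_HOST = "10.0.0.5"           # assumed: the DMZ system it may reach
DMZ_PORT = 22                   # assumed: the single permitted service

class StatefulFilter:
    def __init__(self):
        self.sessions = set()   # 4-tuples of sessions opened from the inside

    def check(self, p: Packet) -> str:
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        # Traffic in either direction of an already established session.
        if not p.new and (key in self.sessions or reverse in self.sessions):
            return "pass"
        # The only rule that may create state: internal host -> DMZ service.
        if (p.new and p.src == INTERNAL_HOST
                and p.dst == DMZ_HOST and p.dport == DMZ_PORT):
            self.sessions.add(key)
            return "pass"
        return "block"          # deny everything else

def demo():
    fw = StatefulFilter()
    packets = [
        Packet(INTERNAL_HOST, 40000, DMZ_HOST, 22, True),    # inside opens session
        Packet(DMZ_HOST, 22, INTERNAL_HOST, 40000, False),   # reply on that session
        Packet(DMZ_HOST, 40001, INTERNAL_HOST, 22, True),    # DMZ tries to initiate
        Packet("203.0.113.7", 5000, DMZ_HOST, 22, True),     # outer ring to DMZ
        Packet("192.168.1.11", 40002, DMZ_HOST, 22, True),   # other internal host
        Packet(DMZ_HOST, 22, INTERNAL_HOST, 40003, False),   # "reply" with no state
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The filter only constrains who may open a session; the data read back over a permitted session still comes from the DMZ host and has to be treated as untrusted, which is the point the message raises.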