> Now behind that is gonna be a DMZ and a LAN, so I wanted to know the > risks of the firewall being compromised (the firewall linux > server will have no open ports at all, not even for maintenance on > the inside. I need it to be as secure as I can get it)
You have no ports open? The firewall application is listening to the raw interface and reacting to every packet. In some ways, you have every port open. A vulnerability in this code would be the way to break in. -David