need some comments on the security aspect if the above was implemented.
i have considered the these aspects :
1. source address verification (spoofing)
2. strict forward chains based on address
3. trusted to anywhere is MASQed, direct forwarding is allowed only between
internet and dmz
4. strict control on ports for dmz and trusted.
hope to get some good tips and comments from you guys.
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
