>Well, the admins who would potentially use this proposed feature, yes. >It would not take a lot of effort to trick the firewall into exposing >the ports. People aren't perfectly capable of writing a good ruleset. >This is evident from the amount of traffic on the mailing lists asking >for assistance in creating rudimentary rule sets.
I agree, most people seem to require assistance with basic rulesets. However, can someone offer an example of how the proposed feature could be exploited from the outside? Assuming there is no NAT... can't think of anything myself. Cheers, Adrian.
