|
||||||||
First, let me thank you for an excellent product and all the work you put into maintaining it. I have a web server in a DMZ with only port 80 open to the world. Right now, someone can telnet to port 80 and poke around with my Apache installation. Given the right person and the wrong installation, this can cause a lot of problems. If m0n0wall had stateful (or dynamic) packet filtering then port 80 would only accept HTTP connections and the sysadmin could sleep (a little) easier. Naturally, I have no idea how to implement this myself (hence my use of m0n0wall and my e-mail to this list) but I think it would be a useful topic for future development. Of course, if such functionality already exists and I've completely overlooked it, I'd appreciate a push in the right direction. |