Many corporations just decide whether a server (HTTP, FTP, IPP) is
inside the corporate firewall or outside. Those (few) that are outside
are accessible by anyone on the Internet. Those that are inside the
firewall are not accessible from the outside, but are accessible to all
from inside the firewall that doesn't cross the firewall. No filtering is
required.
For example, at Xerox, we hav:
- a public web server that is outside the firewall for customer and
employee access
- physically different web servers for internal use only that are inside
the firewall.
Presumably, from inside such a corporation, people can access the
(few) servers that their corporation has put outside the firewall,
provided that the outbound firewall places no restriction on such traffic.
So by discussing inbound firewall filtering, are we really talking about a
real problem that needs solving?
Thanks,
Tom