Sneaky Rule
I like this rule. The problem with logging is there is so much
of it. What is important, what isn't? This rule helps simplify
that. This rule looks specifically for any traffic initiated from
the DMZ going to the Internal network. This should never happen,
as the DMZ is an untrusted network. By creating this rule and giving it
an alert, we can quickly be notified when this occurs. Something
like this is one of the first indications that your DMZ may have been compromised.