Normally not. There is no way for the 'outside' network to address your
dom0 machine. If it does not have an IP address on the external bridge
If the dmz is compromised though, the attacker would have access to the dmz bridge and all hosts connected to it right?. This should exclude dom0 since there is no interface in dom0 attached to the dmz bridge (xenbrD). Is this correct?
[root@mymainserver ~]# brctl show
bridge name bridge id STP enabled interfaces
eth0 8000.00146c30c25a no vif8.0
virbr0 8000.000000000000 yes
xenbrD 8000.feffffffffff no vif11.0
I believe in the above vif1.0 is probably attached to the asterisk domU while vif2.1 is to the dmz domU though I dont know how to check for sure. I did not manually enslave a dom0 interface to the xenbrD bridge when I created it.