Some firewall administrators think the DMZ is a part of their local network that is made available to the outside world!
This is wrong! From the LAN side, the DMZ is as dangerous as the Internet itself.
The rules used to protect the LAN from the Internet should be the same as the ones used to protect it from the DMZ!
Only the rules that give access to the DMZ from the LAN can be relaxed!
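One way to check a rule set against this principle, as an added example that is not part of the original page: the audit below flags every DMZ-to-LAN accept rule that has no equivalent Internet-to-LAN accept rule. The zone names (`wan`, `dmz`, `lan`), the `Rule` tuple, the default-drop model and the sample policy are assumptions made for the illustration.

```python
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    src: str              # source zone: "wan", "dmz" or "lan" (assumed names)
    dst: str              # destination zone
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None means any port
    action: str           # "accept" or "drop"; unmatched traffic is dropped


def covers(wide: Rule, narrow: Rule) -> bool:
    """True if every packet matched by `narrow` is also matched by `wide`."""
    proto_ok = wide.proto == "any" or wide.proto == narrow.proto
    port_ok = wide.port is None or wide.port == narrow.port
    return proto_ok and port_ok


def dmz_weaker_than_wan(rules: List[Rule]) -> List[Rule]:
    """Return DMZ->LAN accepts that the WAN->LAN policy would not allow."""
    wan_accepts = [r for r in rules
                   if (r.src, r.dst, r.action) == ("wan", "lan", "accept")]
    return [r for r in rules
            if (r.src, r.dst, r.action) == ("dmz", "lan", "accept")
            and not any(covers(w, r) for w in wan_accepts)]


# Constructed sample policy, not taken from any real firewall.
SAMPLE = [
    Rule("wan", "dmz", "tcp", 443, "accept"),   # published web server
    Rule("wan", "lan", "udp", 1194, "accept"),  # only service exposed on LAN
    Rule("dmz", "lan", "udp", 1194, "accept"),  # same as WAN->LAN: consistent
    Rule("dmz", "lan", "tcp", 3306, "accept"),  # DMZ trusted more than Internet
    Rule("dmz", "lan", "any", None, "accept"),  # DMZ treated as part of the LAN
    Rule("lan", "dmz", "any", None, "accept"),  # LAN->DMZ may be relaxed
]

if __name__ == "__main__":
    for rule in dmz_weaker_than_wan(SAMPLE):
        print("DMZ->LAN more permissive than WAN->LAN:", rule)
```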