Re: [fw-wiz] Do you permit X11 via proxy firewall?



We *used* to allow X11 via Gauntlet's x-gw, when I was handed the
firewall as part of my new security position...

Then when Gauntlet started getting passed around from vendor to vendor,
and was ultimately replaced, we decided that X11 wasn't the best thing
to be allowing through. Oh, and the new firewall didn't use proxying, so
it was an easy "choice." We weren't about to open up a packet filter to
handle that beast.

Jeff

On Wednesday, September 05, 2007 10:38 AM, ArkanoiD said:

And, if yes, how do you implement it?
Using legacy X11 proxies that perform uninspected (though authorized)
circuit relays, similar to TIS/NAI x-gw? Using something similar to
xorg's xfwp (which does not seem to be compatible with older X
servers)?

Or is x11 firewall support just a useless tradition?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: eseguire unapplicazione Cocoa da remoto
    ... ma a scanso di equivoci i firewall di entrambe ... le macchine sono su "consenti tutte le connessioni in ... l'esperimento sulla stessa macchina ma lanciando ssh con un solo ... funzionato (non ho usato nessuna opzione per X11). ...
    (it.comp.macintosh)
  • Re: [fw-wiz] Do you permit X11 via proxy firewall?
    ... If you already permit SSH, then X11 can trivially be tunneled in SSH. ... I would strongly recommend total blocking of the X11 ports through a firewall regardless of the vendor! ...
    (Firewall-Wizards)
  • Re: Latenzzeit RDP und ICA
    ... "Lars Schwittay" schrieb: ... X11 native über die Leitung zu jagen (mal abgesehen davon, ... Aber auch dann brechen Sessions in sich zusammen, wenn die Firewall es ... Packet-Inspection liegen, also in den internen Verwaltungstabellen, die ...
    (microsoft.public.de.german.win2000.termserv.apps)
  • Re: [fw-wiz] Do you permit X11 via proxy firewall?
    ... I would strongly recommend total blocking of the X11 ports through a firewall regardless of the vendor! ... Using legacy X11 proxies that perform uninspected ...
    (Firewall-Wizards)