Firewall Wizards mailing list archives

Re: Do you permit X11 via proxy firewall?

From: dlang () diginsite com
Date: Wed, 5 Sep 2007 16:48:46 -0700 (PDT)

On Thu, 6 Sep 2007, ArkanoiD wrote:

That's most practical, almost everyone is doing that.
So we can declare x11 gateways officially dead, i guess.

On Wed, Sep 05, 2007 at 05:02:50PM -0400, Paul Melson wrote:

And, if yes, how do you implement it?


No, that's what 'ssh -X' is for.


why is tunneling X through firewalls noticably safer then just doing packet 
filtering to allow it through?

if the only answer is becouse it prevents someone from intercepting and 
tinkering with the TCP datastream then it's only relavent in some situations and 
you are saying that in others it's perfectly safe to just do packet filtering.

remember, just becouse everyone is doing it, it may not be safe.

remember almost everyone thinks that firewalls are just packet filters and have 
no business actually looking at the packets that they let through.

David Lang
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Do you permit X11 via proxy firewall? ArkanoiD (Sep 05)
- Re: Do you permit X11 via proxy firewall? Skough Axel U/IT-S (Sep 05)
- Re: Do you permit X11 via proxy firewall? Behm, Jeffrey L. (Sep 05)
- Re: Do you permit X11 via proxy firewall? K K (Sep 05)
- Re: Do you permit X11 via proxy firewall? Paul Melson (Sep 05)
  - Re: Do you permit X11 via proxy firewall? ArkanoiD (Sep 05)
    - Re: Do you permit X11 via proxy firewall? dlang (Sep 06)
    - Re: Do you permit X11 via proxy firewall? ArkanoiD (Sep 08)
    - Re: Do you permit X11 via proxy firewall? jason (Sep 08)
  - Re: Do you permit X11 via proxy firewall? Jim Seymour (Sep 06)
- <Possible follow-ups>
- Re: Do you permit X11 via proxy firewall? dlang (Sep 10)