Firewall Wizards mailing list archives

Re: Do you permit X11 via proxy firewall?

From: "K K" <kkadow () gmail com>
Date: Wed, 5 Sep 2007 13:40:02 -0500

On 9/5/07, ArkanoiD <ark () eltex net> wrote:

And, if yes, how do you implement it?

. . .

Or is x11 firewall support just a useless tradition?


If you already permit SSH, then X11 can trivially be tunneled in SSH.
Well, technically, any protocol can run inside SSH (if you have the
latest OpenSSH), but X is particularly well-supported.


On 9/5/07, Skough Axel U/IT-S <axel.skough () scb se> wrote:

Why should one desire the allowance of a computer from unsecure network to control the keyboard and screen on a 
computer on inside?
I would strongly recommend total blocking of the X11 ports through a firewall regardless of the vendor!


What about the issue of permitting *outbound* connections from
internal hosts to access X11 on the "outside" of the firewall,
including on your DMZ?  Perhaps X has been superseded by VNC, RDP, and
Citrix, and is no longer a consideration for firewall policies?

Kevin
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Do you permit X11 via proxy firewall? ArkanoiD (Sep 05)
- Re: Do you permit X11 via proxy firewall? Skough Axel U/IT-S (Sep 05)
- Re: Do you permit X11 via proxy firewall? Behm, Jeffrey L. (Sep 05)
- Re: Do you permit X11 via proxy firewall? K K (Sep 05)
- Re: Do you permit X11 via proxy firewall? Paul Melson (Sep 05)
  - Re: Do you permit X11 via proxy firewall? ArkanoiD (Sep 05)
    - Re: Do you permit X11 via proxy firewall? dlang (Sep 06)
    - Re: Do you permit X11 via proxy firewall? ArkanoiD (Sep 08)
    - Re: Do you permit X11 via proxy firewall? jason (Sep 08)
  - Re: Do you permit X11 via proxy firewall? Jim Seymour (Sep 06)
- <Possible follow-ups>
- Re: Do you permit X11 via proxy firewall? dlang (Sep 10)