[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] AW: [FW1] Exceed/X11 in the Rulebase
Hi, thanks. What I'm almost more concerned about is: is it a Unix to PC X11 rule or a PC to Unix X11 rule which does the job. --Joerg -----Ursprüngliche Nachricht----- Von: Carey, Mike (ISS Southfield) [mailto:[email protected]] Gesendet: Mittwoch, 28. Februar 2001 17:30 An: '[email protected]'; [email protected] Betreff: RE: [FW1] Exceed/X11 in the Rulebase If you use ssh, you can forward x11 back through your ssh connection (an option on most ssh clients) then there is no need for the unix to pc x11 rule. Otherwise the firewall does not know to expect x11 traffic automatically, and you need two rules. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Wednesday, February 28, 2001 10:27 AM To: [email protected] Subject: [FW1] Exceed/X11 in the Rulebase According to my knowledge tge PC which is using Exceed to open a display on a U**x system is the XServer ... and the U**x System is the XClient in that case. That means the rule should look like this: U**x PC X11 Accept Is that right ?? XProtocols have a portrange > 6000. That means the underlying usage (Exceed-config calls that "Command" like telnet, ssh can not be tracked/known by the state tables of Firewall1, so I need an extra ruke like this: PC U**x telnet Accept Is that right. Does the Exceed connection with the telnet command really need these two rules or does it simply need: PC U**x X11 Accept Thanks for comments and advice, --Joerg ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|