List:       firewall-1
Subject:    RE: [FW1] Exceed/X11 in the Rulebase
From:       "Carey, Mike (ISS Southfield)" <mcarey () iss ! net>
Date:       2001-02-28 16:48:41

If you telnet to a unix client and start an x windows program, then the UNIX
host makes a connection to the host listed in the DISPLAY variable.  In your
case the rule will be:  UNIX to PC x11.

-----Original Message-----
From: Joerg.Fritsch@tesion.de [mailto:Joerg.Fritsch@tesion.de]
Sent: Wednesday, February 28, 2001 11:35 AM
To: Carey, Mike (ISS Southfield); fw-1-mailinglist@lists.us.checkpoint.com
Subject: AW: [FW1] Exceed/X11 in the Rulebase


Hi,
thanks. What I'm almost more concerned about is:
is it a Unix to PC X11 rule or a PC to Unix X11 rule which does the job?

--Joerg


-----Original Message-----
From: Carey, Mike (ISS Southfield) [mailto:mcarey@iss.net]
Sent: Wednesday, February 28, 2001 17:30
To: 'Joerg.Fritsch@tesion.de'; fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] Exceed/X11 in the Rulebase


If you use ssh, you can forward x11 back through your ssh connection (an
option on most ssh clients); then there is no need for the unix to pc x11
rule.  Otherwise the firewall does not know to expect x11 traffic
automatically, and you need two rules.

-----Original Message-----
From: Joerg.Fritsch@tesion.de [mailto:Joerg.Fritsch@tesion.de]
Sent: Wednesday, February 28, 2001 10:27 AM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] Exceed/X11 in the Rulebase



According to my knowledge the PC which is using Exceed to open a display on
a U**x system is the XServer ... and the U**x System is the XClient in that
case. That means the rule should look like this:

U**x	PC	X11	Accept

Is that right?

XProtocols have a portrange > 6000. That means the underlying usage
(Exceed-config calls that "Command"), like telnet or ssh, cannot be
tracked/known by the state tables of Firewall1, so I need an extra rule like
this:

PC	U**x	telnet	Accept

Is that right? Does the Exceed connection with the telnet command really
need these two rules or does it simply need:

PC	U**x	X11	Accept 

Thanks for comments and advice,
--Joerg





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
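
Added example, not part of the original thread: a small Python helper that derives, from a DISPLAY value, which side opens the X11 connection and which rulebase rows a session needs, covering the telnet case and the ssh-forwarded case discussed above. The host names, function names, and the loopback display number 10 are assumptions chosen for illustration.

```python
import re

X11_BASE_PORT = 6000  # display N is served on TCP port 6000 + N

# DISPLAY syntax handled here: [host]:display[.screen]
DISPLAY_RE = re.compile(r"^(?P<host>[^:]*):(?P<display>\d+)(?:\.\d+)?$")
LOCAL_SOCKET_HOSTS = {"", "unix"}            # Unix-domain socket, never on the wire
LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}  # e.g. the listener ssh X11 forwarding sets up


def x11_flow(display, app_host):
    """Describe the connection an X program running on app_host opens."""
    m = DISPLAY_RE.match(display.strip())
    if m is None:
        raise ValueError(f"unsupported DISPLAY value: {display!r}")
    host = m.group("host").lower()
    port = X11_BASE_PORT + int(m.group("display"))
    if host in LOCAL_SOCKET_HOSTS:
        return {"x11_rule": None, "why": "local Unix-domain socket"}
    if host in LOOPBACK_HOSTS:
        return {"x11_rule": None, "why": f"loopback tcp/{port}, stays on {app_host}"}
    # The program (X client) initiates; the machine showing the windows
    # (X server, here the PC running Exceed) listens.
    return {"x11_rule": (app_host, host, f"tcp/{port}"),
            "why": "direct X11 over the network"}


def rules_for_session(pc, unix_host, display, login="telnet"):
    """Rulebase rows (source, destination, service) for one remote X session."""
    rows = [(pc, unix_host, login)]  # the login that starts the program
    flow = x11_flow(display, unix_host)
    if flow["x11_rule"]:
        rows.append(flow["x11_rule"])
    return rows


if __name__ == "__main__":
    # Constructed sample values: host names and display numbers are illustrative.
    for login, display in [("telnet", "pc-exceed:0.0"), ("ssh", "localhost:10.0")]:
        print(login, display,
              rules_for_session("pc-exceed", "unix-host", display, login))
```

With a direct DISPLAY the output has two rows (PC to Unix login, Unix to PC tcp/6000); with a loopback DISPLAY only the ssh row remains.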

