Re: Firewall rule for X11 usage
Re: Firewall rule for X11 usage
- Subject: Re: Firewall rule for X11 usage
- From: Richard Cook <email@hidden>
- Date: Wed, 15 Jan 2003 15:26:00 -0800
At 2:47 PM -0800 1/15/03, Justin Walker wrote:
On Wednesday, Jan 15, 2003, at 14:28 US/Pacific, Sean Ahern wrote:
Lennart Broekhof wrote:
What would be a good firewall rule on the Mac, so you can use x11 without
having to switch off the firewall ?
If X11.app is like every other X server around, it listens by default on
port 6000 for display :0. If you open up port 6000, you should be fine.
This works, of course, but pundits will be quick to point out that
it's low on the security scale. A better scheme, if it works for
you, is to use "X forwarding", via ssh. Cf the ssh man page for
details.
I agree that yours is a secure option and much better than just using
'xhost', but a better option is to open port 6000 and use xauth to
authorize client connections from the remote host to your localhost.
If you tunnel through ssh you must pay a performance penalty to
encrypt everything. There is nothing inherently insecure about
opening up port 6000 in a firewall, except that you are now relying
on your X server to be secure.
--
Richard Cook
Lawrence Livermore National Laboratory
Bldg-451 Rm-2043, Mail Stop L-561
7000 East Avenue, Livermore, CA, 94550, USA
phone (925) 423-9605 (work) fax (925) 423-8704
---
Information Management & Graphics Grp., Services & Development Div.,
Integrated Computing & Communications Dept.
(opinions expressed herein are mine and not those of LLNL)
_______________________________________________
x11-users mailing list | email@hidden
Help/Unsubscribe: http://www.lists.apple.com/mailman/listinfo/x11-users
Do not post admin requests to the list. They will be ignored.