 Re: X11 not passing the FW
That's normal behavior because X11 is considered a dangerous service since it can open a new back connection back into the network. That's why it is not included in "any" unless you explicitly put it there. The possible problem with doing so is that "any" anywhere in the rule base now includes X11 and it's just not that prevalent in usage.
Ray |