Linux Iptables block remote X Window server connection

by on July 10, 2006 · 0 comments· Last updated October 29, 2007

It is true that connections to remote X Window servers should be always made over SSH. SSH supports X windows connections. So my task was allow X over ssh but block unprivileged X windows mangers TCP ports.

The first running server (or display) use TCP port 6000. Next server will use 6001 and so on upto 6063 (max 64 X managers are allowed from 6000-6063).

So assuming that you are going to force user to use ssh for remote connections, here are rules for IPTABLES (add to your firewall script):

iptables -A OUTPUT -o eth0 -p tcp --syn --destination-port 6000:6063 -j REJECT
iptables -A INPUT -i eth0 -p tcp --syn --destination-port 6000:6063 -j DROP

a) The first rules blocks outgoing connection attempt to remove X windows manger.

b) The second rule block incoming request for X windows manger. By using --syn flag you are blocking only connection establishments to the server port.

This is the good way to disallow unprivileged X windows mangers - TCP 6000:6063 ports :)

See also:



You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 0 comments… add one now }

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 7 + 2 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.




Tagged as: , , , , , , , ,

Previous post:

Next post: