Linux Iptables block remote X Window server connection
Connections to remote X Window servers should always be made over SSH, which supports X Window connections. So my task was to allow X over SSH but block the unprivileged X Window managers' TCP ports.
The first running server (or display) uses TCP port 6000. The next server uses 6001, and so on up to 6063 (a maximum of 64 X managers are allowed, on ports 6000-6063).
So, assuming that you are going to force users to use SSH for remote connections, here are the iptables rules (add them to your firewall script):
iptables -A OUTPUT -o eth0 -p tcp --syn --destination-port 6000:6063 -j REJECT
iptables -A INPUT -i eth0 -p tcp --syn --destination-port 6000:6063 -j DROP
a) The first rule blocks outgoing connection attempts to a remote X Window manager.
b) The second rule blocks incoming requests for the X Window manager. By using the --syn flag you block only connection establishment to the server port.
This is a good way to disallow the unprivileged X Window managers' TCP ports 6000:6063.
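To see which X servers on a host are actually listening on TCP ports 6000-6063, and therefore what the rules above cover, the following added example (not part of the original article) classifies listeners from `ss -H -ltn` output. The function name `x11_tcp_listeners` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify X11 TCP listeners read from `ss -H -ltn` output on stdin.
# Ports 6000-6063 map to displays :0-:63 (display = port - 6000).
x11_tcp_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, part, ":")            # port follows the last colon
        port = part[n] + 0
        if (port < 6000 || port > 6063) next
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        # Loopback listeners are not reachable through eth0, so the
        # eth0 rules do not affect them.
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        printf "%s display=:%d listen=%s\n", scope, port - 6000, $4
    }'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
# 6064 is included to show that ports outside 6000-6063 are ignored.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 [::]:6001 [::]:*
LISTEN 0 128 0.0.0.0:6064 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | x11_tcp_listeners
```

On a live host, run `ss -H -ltn | x11_tcp_listeners`; any line marked `exposed` is a display that the INPUT rule on eth0 is protecting.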