Restricting XWindows remote connections (iptables)
My goal here is to try to prevent xwindows applications from being run by local users and displayed on remote terminals (ultimately, I want them to be able to run only through ssh, but that's not important). My best guess at preventing outgoing xwindows connections involves iptables, but for the life of me I haven't been able to set up the rules properly so that these outgoing connections are blocked.
Most of the documentations I have come across involve rules like this:
iptables -D OUTPUT -s localhost -o eth0 -p tcp --dport x11 -j DROP
I have also tried replacing the 'x11' with specific port numbers and the connections still get through.
How would I go about setting up such rules, or is there a better way to restrict the X protocol like that?
I am running slackware 9.1 with kernel 2.4.24.