LinuxQuestions.org
Old 07-08-2003, 02:47 PM   #1
SocialParasite
Member
 
Registered: Feb 2003
Distribution: Slackware 10
Posts: 38

Rep: Reputation: 15
iptables causing Gnome 2.2 to load slowly for non-root user


I finally have my firewall script nearly 95% ironed out. I can now browse the web and use IRC. WEE!!

Anyway:

Now when I use my user account and I start X it takes Gnome 2.2 upwards of two minutes (or however long it took for me to walk the dog) to start.

This is the offending piece of code:

$IPTABLES -A INPUT -p tcp --dport 6000:6001 -s $LO_IP -j ACCEPT

$IPTABLES -A INPUT -p tcp --dport 6000:6001 -s ! $LO_IP -j LOG --log-prefix "X11 attempt:"

What I THINK the above is supposed to do is:

1) allow xsessions from 127.0.0.1 (localhost)

2) log attempts to connect to X from outside hosts

Any idea how I can have rules that block outside attempts, but allow me to use it?
 
Old 07-08-2003, 05:56 PM   #2
jerky
Member
 
Registered: Jul 2003
Distribution: RH 7.3 , RH9,RHEL,FC
Posts: 38

Rep: Reputation: 15
I assume your firewall is running on your computer that is on the external interface. Are you allowing all incoming and outgoing traffic from your loopback device?

$IPTABLES -A INPUT -j ACCEPT -i lo
$IPTABLES -A OUTPUT -j ACCEPT -o lo


As for allowing incoming IPs specifically for your 6000:60010 port range, just setting your default policy on INPUT to drop will deny all external attempts to access it. If you want to allow people to start or send X-related programs to other hosts, specify them:

$IPTABLES -A INPUT -p tcp -s x.x.x.x --dport 6000:6010 -j ACCEPT
same as your example..

This will allow x.x.x.x to start a program on your computer and let them display it on theirs. Of course, you also have to do

xhost +x.x.x.x and have your X server set to receive connections. I know Debian turns this off by default; Red Hat leaves it on.
 
Old 07-08-2003, 10:10 PM   #3
SocialParasite
Member
 
Registered: Feb 2003
Distribution: Slackware 10
Posts: 38

Original Poster
Rep: Reputation: 15
Quote:
$IPTABLES -A INPUT -j ACCEPT -i lo
$IPTABLES -A OUTPUT -j ACCEPT -o lo
I don't have anything like that set up, I don't believe (I'm booted in Windows right now and can't check).

I don't want others to access X. Just my user account.
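
The approach suggested in reply #2 (default-deny on INPUT, accept everything on the loopback interface, log X11 attempts from elsewhere), as an added example that is not code from the thread or from either poster. The function names `x11_rules`, `rule_pos` and `rules_ordered`, the `APPLY` switch and the explicit final DROP rule are assumptions made for this sketch; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rules by default;
# set APPLY=1 and run as root to load them.
IPTABLES="${IPTABLES:-iptables}"   # same variable name the thread's script uses
X11_PORTS="6000:6010"              # port range from reply #2

# Emit the rule set, one iptables command per line, in evaluation order.
x11_rules() {
    # Default-deny inbound: anything not accepted below is dropped.
    echo "$IPTABLES -P INPUT DROP"
    # Match loopback by interface rather than by source address, so local
    # clients are accepted whatever port or local address they use.
    echo "$IPTABLES -A INPUT -i lo -j ACCEPT"
    echo "$IPTABLES -A OUTPUT -o lo -j ACCEPT"
    # Loopback traffic was accepted above, so any X11 packet that reaches
    # these two rules arrived on an external interface: log it, then drop it.
    echo "$IPTABLES -A INPUT -p tcp --dport $X11_PORTS -j LOG --log-prefix \"X11 attempt: \""
    echo "$IPTABLES -A INPUT -p tcp --dport $X11_PORTS -j DROP"
}

# 1-based position of the first emitted rule that matches a pattern.
rule_pos() {
    x11_rules | grep -n -e "$1" | head -n 1 | cut -d: -f1
}

# Order check: the loopback ACCEPT must come before the X11 LOG rule,
# otherwise local X clients would be logged and dropped as well.
rules_ordered() {
    lo=$(rule_pos '-A INPUT -i lo -j ACCEPT')
    log=$(rule_pos '-j LOG')
    [ -n "$lo" ] && [ -n "$log" ] && [ "$lo" -lt "$log" ]
}

if [ "${APPLY:-0}" = "1" ]; then
    rules_ordered || { echo "rule order check failed" >&2; exit 1; }
    x11_rules | sh -e      # load the rules; requires root
else
    x11_rules              # dry run: show what would be loaded
fi
```

After loading, `iptables -L INPUT -n -v --line-numbers` shows the per-rule packet counters, which confirms whether local X traffic is hitting the loopback rule.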
 
  


All times are GMT -5.