My goal here is to try to prevent xwindows applications from being run by local users and displayed on remote terminals (ultimately, I want them to be able to run only through ssh, but that's not important). My best guess at preventing outgoing xwindows connections involves iptables, but for the life of me I haven't been able to set up the rules properly so that these outgoing connections are blocked.
Most of the documentation I have come across involves rules like this:
iptables -D OUTPUT -s localhost -o eth0 -p tcp --dport x11 -j DROP
I have also tried replacing the 'x11' with specific port numbers and the connections still get through.
How would I go about setting up such rules, or is there a better way to restrict the X protocol like that?
I guess it's a typo, but I'll mention it anyway.
iptables -D OUTPUT -s localhost -o eth0 -p tcp --dport x11 -j DROP
would delete a rule; it should be something like
iptables -I OUTPUT -s localhost -o eth0 -p tcp --dport x11 -j DROP
which will insert a new rule as the first rule, making sure that any other rules let it through.
iptables -F OUTPUT          # that will clear the OUTPUT chain
iptables -A OUTPUT -j LOG   # that will log everything
iptables -A OUTPUT -j DROP  # that will drop everything so nothing can get through
and then try your programs ... then you'll know how they are getting through.
Add the rules you need into your original rules and you're set.
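
The LOG rule suggested above writes one kernel log line per packet. The following added example (not part of the thread) filters such lines for outgoing TCP connections to X11 display ports and groups them by interface, source and destination, which shows what the `-o` and `-s` of a DROP rule would have to match. The log lines are constructed samples, the function names are hypothetical, and the 6000-6063 port range (displays :0 to :63) is an assumption.

```shell
#!/bin/sh
# Added example: find outgoing X11 connections in iptables LOG output.
# Assumption: X display :N is TCP port 6000+N; 6000-6063 covers :0 to :63.

# Constructed sample lines in the kernel's iptables LOG format.
# The lo/6010 line models a client talking to an ssh-forwarded display (:10).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 host kernel: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40112 DPT=6000 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 12:00:04 host kernel: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=40112 DPT=6000 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 12:00:09 host kernel: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4250 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 12:00:15 host kernel: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4260 DF PROTO=TCP SPT=38020 DPT=6010 WINDOW=32767 RES=0x00 SYN URGP=0
Jan 10 12:00:20 host kernel: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=4270 DF PROTO=UDP SPT=53000 DPT=6000 LEN=51
EOF
}

# Read LOG lines on stdin; print "count OUT SRC DST DPT" for each distinct
# outgoing TCP flow whose destination port is in the X11 display range.
x11_out_summary() {
  awk '
    /PROTO=TCP/ {
      out = ""; src = ""; dst = ""; dpt = -1
      for (i = 1; i <= NF; i++) {
        if      ($i ~ /^OUT=/) out = substr($i, 5)
        else if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5) + 0
      }
      # An empty OUT= means the packet was not logged on its way out.
      if (out != "" && dpt >= 6000 && dpt <= 6063)
        seen[out " " src " " dst " " dpt]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

# Stand-alone run on the constructed sample.
sample_log | x11_out_summary
```

On a live system the same function can read the kernel log instead of the sample, for example `dmesg | x11_out_summary`.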