02-13-2004, 07:34 PM
#1
Member
Registered: Sep 2002
Location: Seattle, WA
Distribution: Ubuntu
Posts: 101
Restricting XWindows remote connections (iptables)
My goal here is to try to prevent xwindows applications from being run by local users and displayed on remote terminals (ultimately, I want them to be able to run only through ssh, but that's not important). My best guess at preventing outgoing xwindows connections involves iptables, but for the life of me I haven't been able to set up the rules properly so that these outgoing connections are blocked.
Most of the documentation I have come across involves rules like this:
iptables -D OUTPUT -s localhost -o eth0 -p tcp --dport x11 -j DROP
I have also tried replacing the 'x11' with specific port numbers and the connections still get through.
How would I go about setting up such rules, or is there a better way to restrict the X protocol like that?
I am running Slackware 9.1 with kernel 2.4.24.
Thanks

02-14-2004, 05:03 AM
#2
Senior Member
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028
I guess it's a typo, but I'll mention it anyway.
iptables -D OUTPUT -s localhost -o eth0 -p tcp --dport x11 -j DROP
would delete a rule; it should be something like
iptables -I OUTPUT -s localhost -o eth0 -p tcp --dport x11 -j DROP
which will insert a new rule as the first rule, making sure that any other rules let it through.
Other than that it seems ok.

02-14-2004, 07:41 PM
#3
Member
Registered: Sep 2002
Location: Seattle, WA
Distribution: Ubuntu
Posts: 101
Original Poster
Whoops, my bad. I was actually trying the -A switch. Maybe I'll try that one.
Thanks

02-16-2004, 05:38 PM
#4
Member
Registered: Sep 2002
Location: Seattle, WA
Distribution: Ubuntu
Posts: 101
Original Poster
Still no go. The programs still run remotely.

02-17-2004, 07:03 AM
#5
Member
Registered: Sep 2003
Location: TX
Distribution: slackware
Posts: 301
Why don't you:
iptables -F OUTPUT           # that will clear the OUTPUT chain
iptables -A OUTPUT -j LOG    # that will log everything
iptables -A OUTPUT -j DROP   # that will drop everything so nothing can get through
and then try your programs ... then you'll know how they are getting through.
Add the rules you need into your original rules and you're set.
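
Added example, not part of the thread or any poster's own commands: a rule pair for the goal in post #1 that uses the LOG idea from post #5. It drops the `-s localhost` match (localhost is 127.0.0.1, while packets routed out eth0 carry that interface's address as source) and covers displays :0 to :63 (TCP 6000-6063) rather than only the `x11` service port 6000. The function names, the `X11_OUT:` log tag, eth0 as the outbound interface and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: eth0 is the outbound
# interface; remote X displays :0-:63 listen on TCP 6000-6063.
X11_PORTS="6000:6063"
LOG_PREFIX="X11_OUT:"   # hypothetical tag used to find these entries in the kernel log

# x11_rules IFACE [apply]: print the rules (default) or apply them as root.
x11_rules() {
    iface=$1
    run=echo
    if [ "${2:-print}" = apply ]; then run=; fi
    # No "-s localhost" match: localhost is 127.0.0.1, but packets leaving
    # $iface carry that interface's address as their source.
    $run iptables -I OUTPUT 1 -o "$iface" -p tcp --dport "$X11_PORTS" \
        -j LOG --log-prefix "$LOG_PREFIX"
    $run iptables -I OUTPUT 2 -o "$iface" -p tcp --dport "$X11_PORTS" -j DROP
}

# x11_log_summary: read kernel log lines on stdin and report each logged
# X11 attempt as "SRC -> DST:PORT (display :N)".
x11_log_summary() {
    awk -v tag="$LOG_PREFIX" 'index($0, tag) {
        src = dst = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DST=/) dst = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (dpt != "") printf "%s -> %s:%s (display :%d)\n", src, dst, dpt, dpt - 6000
    }'
}

# Constructed, abbreviated sample log lines (addresses and host name are made up).
SAMPLE_LOG='Feb 17 07:10:01 box kernel: X11_OUT:IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.20 LEN=60 TTL=64 PROTO=TCP SPT=32770 DPT=6000 SYN
Feb 17 07:10:02 box sshd[812]: Accepted password for user from 192.168.1.30
Feb 17 07:10:05 box kernel: X11_OUT:IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.20 LEN=60 TTL=64 PROTO=TCP SPT=32771 DPT=6001 SYN'

x11_rules eth0                                  # dry run: prints the two commands
printf '%s\n' "$SAMPLE_LOG" | x11_log_summary   # summarises the two X11 entries
```

X applications forwarded over ssh are not matched by these rules, because they connect to the sshd proxy display on the local machine over the loopback interface rather than out eth0.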