I'm quite a newbie with security-related things on linux, and just learning these... so I guess somebody has a simple answer to this question (hopefully ) which is related to a firewall based on iptables...

First of all, net-based tests (like the one at grc.com) show my ports as "stealth", but of course when I did a quick scan with nmap, it revealed my ports were all closed - except for one: port number 6000 (tcp), used by X11, was open. How's this possible? I've tried few times to get all the ports closed, but no - number 6000 isn't that easy, it just stays open no matter what I do.

So is there a way to get this damn port closed, or at least look like it? And why the heck is it open? Does X11 truly need an open port to work? Can't be...because if it is, then my X is going for a long walk with no return.

I also found that (at least in my opinion) grc-type test are quite easy to pass, but is there a way to get protected from scans like nmap? Was there or not, please tell me how I'll get my X11's open port closed.....

(please keep in mind I haven't played long with all these fwall, iptables, netfilters nor other related stuff...basically just read something about them and tried out for a small amount of time)

thanks for any help in advance

No, X does not need the port to work. Read the manual page for how to disable listening on TCP. Second thing, are you using nmap from your system? If so, you will see ports that are open _locally_ -- they may not be accessible from the Internet (I once made this mistake when I first dealt with firewalling, I thought all my rules were failing).

ok thanks.. and yes, I did run nmap from my own machine. I guess I'll have to ask a friend to run it

btw. I read an article (somewhere on the web...couldn't find it today anymore when I remembered it.. :/ ) about how to "cheat" the nmap's OS guessing. I can't remember how it exactly went, but it had something to do with netfilter...any clues on how it might go? the basic idea was (I think) to get, with the aid of netfilter-kernel module, the system look to a scanner like some another system than it really is....?

This is not really worth it. If you have external services running it is usually trivial to make one of them expose data about the system. If you do not have external services running, then your dropping everything from nmap does not give it too many clues =). In general, you would be better spending your time reading about how to lock down the firewall rules and looking into general system security.

alright thanks for answering...next job indeed is to get a bit deeper into these firewall-policies and other stuff..

to stop x11 from listening port 6000 run start x like that
startx -- -nolisten tcp

to avoid typing this everytime you reboot add this to your .bashrc file
alias startx='startx -- -nolisten tcp'

if you launch kde automatically with kde login screen, find the xservers file,

(in /opt for slackware, but i am sure you know where kde is installed on your distro)

/opt/kde/share/config/kdm/xservers

change the line

:0 local@tty1 /usr/X11R6/bin/X vt7

to

:0 local@tty1 /usr/X11R6/bin/X vt7 -nolisten tcp

tobyl