05-10-2008, 09:38 AM
|
#2
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
By default ports in the 6000 range typically aren't "listening" so you shouldn't need to close it. The command to allow for displaying from other locations to your local workstation is xhost - unless you've done something like "xhost +" you're not allowing connections back to your server.
However, one could set DISPLAY variable equal to a remote machine's IP and have the X-Window display there and that would open a port in the 6000 range between your host and that remote machine. You could explicitly prevent this in your iptables configuration (type "man iptables" for more detail on its configuration). Iptables is a firewall built into Linux.
You CAN do secure X-Windows by using ssh X tunneling. In essence the X-Window goes through through your ssh session so the traffic is encrypted. To allow that you'd have to insure you do NOT prohibit the 6000 range on "localhost" (127.0.0.1) if you decided to prohibit it in Iptables. That is you'd prohbit only on your NIC IPs.
See the -x and -X options of ssh in the ssh man page for more information on the tunnels.
|
|
|