Quoting Edward Guldemond ([EMAIL PROTECTED]): > In /etc/X11/xinit/xserverrc, I have the following line: > exec /usr/bin/X11/X -dpi 100 -nolisten tcp > > So why is X still listening on TCP?
Because xdm/kdm/gdm don't heed /etc/X11/xinit/xserverrc, but rather /etc/X11/xdm/Xservers ? >> When this is your firewall, you might consider stopping X11 and not >> using this as a desktop machine at all. Every program running and >> every tool installed, might be used by an attacker against you. > > I realize that, however, since both machines are needed for work, I > don't really have a choice. It's not obvious why this necessitates an X11 server on the firewall. In the unlikely event that you need to run an X11 application from it, do "ssh -X firewallhost" and image the X11 app onto your non-firewall workstation. But suit yourself. -- Cheers, "Get the facts first. You can distort them later." Rick Moen -- Mark Twain [EMAIL PROTECTED]