On Tue, Nov 19, 2002 at 04:51:03PM -0800, Rick Moen wrote: > Quoting Edward Guldemond ([EMAIL PROTECTED]): > > > In /etc/X11/xinit/xserverrc, I have the following line: > > exec /usr/bin/X11/X -dpi 100 -nolisten tcp > > > > So why is X still listening on TCP? > > Because xdm/kdm/gdm don't heed /etc/X11/xinit/xserverrc, but rather > /etc/X11/xdm/Xservers ?
I am not running xdm/kdm/gdm though. I am using startx from the console. At any rate, I blocked these at the firewall level because, although I didn't notice any obvious attack that could cause a major problem, I was wary about leaving them open. > It's not obvious why this necessitates an X11 server on the firewall. > In the unlikely event that you need to run an X11 application from > it, do "ssh -X firewallhost" and image the X11 app onto your > non-firewall workstation. I have two people working in this office. This is just a network that I maintain. Currently, the company this is for (a small office), cannot afford a firewall machine, and isn't really keen on spending more on their network than is absolutely necessary. Trust me, I've tried to get them to stop, but, hey, it's there network that I just happen to maintain. -- ------------------------------------------ Edward Guldemond GPG Key: 0x4E505B0F Key fingerprint: 4CAC 6740 C1CD 3CE4 6CA0 34E9 B3B7 18EC 4E50 5B0F
pgpIxNsxniMrF.pgp
Description: PGP signature