Having trouble blocking port 6000 with iptables


Infohawk
10-11-2002, 05:11 PM
I used iptables -A INPUT -p tcp --destination-port 6000:6099 -i ppp0 -j DROP

When I type iptables -L I get:

INPUT
DROP tcp -- anywhere anywhere tcp dpts:x11:6099

But when I use nmap localhost, port 6000 still shows up as being open.

How do I close the port?

baldguy
10-11-2002, 09:24 PM
You need to do the nmap scan from a remote host. Your rule states that it is blocking through the ppp connection, and that does not mean it will block anything at localhost.

As to your second question, when you start X you can do
startx -nolisten tcp or maybe startx -- -nolisten tcp

If you use xdm then you have to adjust the Xservers file, if you use gdm then you have to modify the gdm.conf file. I don't know what to do if you use kdm.

Infohawk
10-13-2002, 02:12 PM
Baldguy,

Thanks for the response!

I've looked everywhere for how to turn 6000 off.

I've tried all the startx -nolisten tcp or maybe startx -- -nolisten tcp stuff.

I use gdm so I guess I must mess with gdm.conf

I set the line in my gdm.conf
AllowRemoteRoot=false
but this did not close the port.

I don't see how to close it otherwise through gdm.conf. I have no manual for gdm or gdm.conf.
Do you know how to do it?

**************

Also, if I can't check nmap via my machine, what's an easy way to check if my iptables are working?

Thanks again

hiker_42
12-11-2002, 01:03 PM
If you'll edit /etc/X11/gdm/gdm.conf and edit the following line:


Towards the bottom of the file is a section:

[server-Standard]
name=Standard server
command=/usr/X11R6/bin/X
flexible=true


add -nolisten tcp to the end of the 3rd line so it reads:

command=/usr/X11R6/bin/X -nolisten tcp


This will stop X11 from listening on port 6000!
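
An added example, not part of any post in this thread: a shell check for the two things discussed above, namely whether any [server-*] command in gdm.conf still lacks -nolisten tcp, and whether anything on the machine is bound to TCP 6000-6099. The function names are hypothetical, and the live check assumes netstat is installed.

```shell
#!/bin/sh
# Added example: audit gdm.conf and the local listener table for X11 over TCP.

# Print each [server-*] section whose command= line lacks "-nolisten tcp".
# Exit status: 0 if every server command carries the flag, 1 otherwise.
gdm_tcp_listeners() {
    awk '
        BEGIN { bad = 0 }
        /^\[/ { section = $0 }                     # remember the current section header
        section ~ /^\[server-/ && /^command=/ {
            if ($0 !~ /-nolisten[ \t]+tcp/) {       # flag missing: X opens 6000+display
                print section ": " $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Read "netstat -ltn" (or "ss -ltn") output on stdin and print the local
# addresses bound to 6000-6099, the range used in the iptables rule above.
x11_tcp_ports() {
    awk '{
        n = split($4, part, ":")                   # local address is column 4 in both tools
        port = part[n]
        if (port ~ /^[0-9]+$/ && port + 0 >= 6000 && port + 0 <= 6099) print $4
    }'
}

conf=${1:-/etc/X11/gdm/gdm.conf}                   # path as given in the thread
if [ -r "$conf" ]; then
    gdm_tcp_listeners "$conf" || echo "append -nolisten tcp to the command= lines listed above"
fi
if command -v netstat >/dev/null 2>&1; then
    netstat -ltn | x11_tcp_ports                   # no output means nothing listens on 6000-6099
fi
```

An address of 0.0.0.0:6000 in the output means X accepts TCP connections on every interface, so only the firewall rule stands between it and the ppp0 link; after the gdm.conf change and a restart of the X server the line should disappear.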